Elektroda.pl

Żeѱ virus, Windows 10, FRST

karololol 13 Apr 2017 22:36 621 5
  • Helpful post
    #2 13 Apr 2017 23:00
    Kolobos
    Computer specialist

    Uninstall:
    Remote Desktop Access (VuuPC)

    Run a Fixlist.txt for FRST with the following content:
    Online.io Application (x32 Version: 2.2.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.2.0 - Microleaves) Hidden <==== UWAGA

    Uninstall:
    Online.io Application
    Traffic Exchange

    Run another Fixlist.txt:

    Use AdwCleaner, the Scan (Szukaj) and Clean (Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    When done, post new FRST logs from a scan.

  • Helpful post
    #4 14 Apr 2017 07:08
    Kolobos
    Computer specialist

    Uninstall: Traffic Exchange

    Delete the directories: C:\AdwCleaner and C:\FRST, and that's all.

  • #5 14 Apr 2017 17:58
    karololol
    Level 2

    Well, that's the thing: I can't uninstall this program. It is on the list, but "uninstall" and "modify" are inactive. Same in safe mode. Is there some other way?

  • Helpful post
    #6 14 Apr 2017 18:06
    Kolobos
    Computer specialist

    You can remove the entry from the list using regedit; it's just an empty entry. The program is already gone, so you can even leave it as it is.
