Self-installing programs, ads, browsers

iFalcon 12 May 2017 17:08 591 4
  • Helpful post
    #2 12 May 2017 18:17
    Kolobos
    Computer specialist

    Uninstall:
    AliExpress version 1.1.0.5019
    AlphaGo
    amuleC
    WINSNARE
    YAC(Yet Another Cleaner!)

    In the Chrome settings, disable restoring a set of pages when the browser starts.

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    CloseProcesses:
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Eggper\Application\chrome.exe" "%1" <==== UWAGA
    Task: {0CC8FD66-CBCD-4812-9FDD-D052516827BF} - System32\Tasks\{D2085AEA-2651-4F8E-AF16-F43B3D4AD8B1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsProgressBar
    Task: {20BAB9CA-5701-4F4A-87A9-54F26D972F16} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {2603ED5E-780A-40A1-A6AA-182F6019C5ED} - System32\Tasks\{59D1F921-E5ED-4875-BCAA-49DE712FF1A5} => pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" <==== UWAGA
    Task: {26B13F68-1CCE-4211-863E-3FF7A36BB03B} - System32\Tasks\{49904683-2F3A-43A9-8675-6EEC4A9C8FA1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/hel...?source=lightinstaller&LastError=1638
    Task: {2909E919-AB31-48AB-8531-00548278C2BB} - System32\Tasks\{0B724D03-22CE-4EC5-BBE8-83BBAD779B08} => pcalua.exe -a "D:\Users\Mateusz\Downloads\Counter Strike 1.6 v50\Uninstall.exe" -d "D:\Users\Mateusz\Downloads\Counter Strike 1.6 v50"
    Task: {2E3FF3D1-25C6-4C61-8967-E4F6789D0B4E} - System32\Tasks\{45292953-BF50-48BF-BE18-6E83DD9B916A} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
    Task: {34C402C1-976D-48FD-A34F-82F88736D361} - System32\Tasks\{D5E72098-E822-4F1D-AEDB-1B1237C169F5} => pcalua.exe -a C:\Users\Mateusz\Downloads\image95738.scr -d C:\Users\Mateusz\Downloads -c /S
    Task: {38CCFDC8-FF3D-4696-A6D7-A391A01027ED} - \MathGeek -> Brak pliku <==== UWAGA
    Task: {3BC70485-FF31-42D2-AD62-1F458B913EE7} - System32\Tasks\{0A8FE31F-7D7D-4FD3-B78D-83DC0964094C} => C:\Users\Mateusz\Downloads\Nowy folder\EasySetupAssistant\EasySetupAssistant.exe
    Task: {4DB649A3-150B-49A1-922C-3ACEAE92276D} - System32\Tasks\{6C76C690-355D-49D0-B18E-E06A0EC80868} => pcalua.exe -a "D:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\Support\Need for Speed Underground 2_uninst.exe" -d "D:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\Support"
    Task: {5A9ADF78-860E-4A96-BB23-D4CA10FC68E6} - System32\Tasks\{DD51BF64-4400-404D-804F-382087A67520} => pcalua.exe -a C:\Users\Mateusz\Downloads\CreativeOne-Setup.exe -d C:\Users\Mateusz\Downloads
    Task: {5CC62CB5-CBA5-41E3-B01C-355426F75FF5} - System32\Tasks\{DD36F5EB-64E7-4DF8-ADA1-371138B9427F} => pcalua.exe -a C:\Users\Mateusz\Desktop\Call_Of_Duty_Demo.exe -d C:\Users\Mateusz\Desktop
    Task: {66CF8D60-AFE2-482C-890C-8ACD9A9F9A02} - System32\Tasks\{54789D1F-3820-4DC6-BBA9-03B2FA3BF4A5} => pcalua.exe -a "C:\Program Files (x86)\Go HD\Uninstall.exe" -c /fcp=1
    Task: {671B5087-B4CA-45E4-A996-B36CAF93CAD5} - System32\Tasks\{69DB4866-0B81-45B0-A466-1B523B51668E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsProgressBar
    Task: {6E827A74-E479-4AA7-AD01-5FE0841E837C} - System32\Tasks\{0E6C7200-2C2C-4D28-B2C1-7BC481898FDF} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe" -d "C:\Program Files (x86)\YTDownloader"
    Task: {7A33D998-E9D8-43C4-9A6E-61904FC7FA16} - System32\Tasks\{DD115B70-BAB3-42F7-A4FD-20577E36C034} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/hel...?source=lightinstaller&LastError=1638
    Task: {90920488-0AC3-4C30-8C51-011715490A21} - System32\Tasks\{CE211173-D68D-4E61-8401-4C6097E89E1C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/help.faq.installer?LastError=1638
    Task: {91030FF2-5AB0-4154-B214-6B06603E7A26} - \ChelfNotify Task -> Brak pliku <==== UWAGA
    Task: {9859FD53-BBFD-4E69-AE7A-BB324BC2CD4F} - System32\Tasks\Fairy Task => C:\Program Files (x86)\Toolbar Fairy\FairyScanner.exe
    Task: {A83DD648-104E-4A94-A1BE-B314675074E3} - System32\Tasks\{71978766-0898-4B36-B658-6A0A8D49BB6F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/go/he...?source=lightinstaller&LastError=1638
    Task: {B3184D08-CF50-497D-A506-736E0C2B9730} - System32\Tasks\{D9371EAD-7765-4BF9-AAC5-FD817BFEE8AC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/go/he...?source=lightinstaller&LastError=1638
    Task: {D13CA3A5-F9B8-4F93-8526-0181A2739FB9} - System32\Tasks\{D5D30028-7700-4108-8C97-B626B53388C1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/go/he...?source=lightinstaller&LastError=1638
    Task: {DDF43EC5-A234-49F7-8278-6512E1E556CB} - System32\Tasks\{53E67EA1-835C-4865-9027-4B474A3F3985} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/aband...?source=lightinstaller&page=tsInstall
    Task: {E0F0CCC8-D61D-4FEE-BDBB-638531CF3802} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe <==== UWAGA
    Task: {E80DA257-C911-40A1-8E2C-64F5214F36E6} - System32\Tasks\{DB1F1E92-AED9-4825-B258-AD9B89304EEB} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
    Task: {EA88CA74-6FCC-4C16-84C8-889469762411} - System32\Tasks\{9CA2DA20-F1FF-4AE8-8423-A4FEA67466BF} => pcalua.exe -a C:\Users\Mateusz\Downloads\ASIO4ALL_2_12_English.exe -d C:\Users\Mateusz\Downloads
    Task: {EB4FC92D-7576-4463-B289-6E05099B8A27} - System32\Tasks\Opera scheduled Autoupdate 1494506910 => C:\Program Files\Opera\launcher.exe [2017-05-08] (Opera Software)
    Task: {F49B7FB4-51FD-46B3-8F2B-05B731DF82DD} - System32\Tasks\{21C1523B-2874-4AEF-952A-D4A8432970AF} => pcalua.exe -a C:\Users\Mateusz\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt <==== UWAGA
    Task: {FD4C1CAC-8C0E-4E83-A29D-5E01AB2B07B9} - System32\Tasks\{E7C2D942-1449-4F57-B278-1C752EF9B117} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/help.faq.installer?LastError=1638
    Task: {FDE9E7BA-EC71-4C42-83C6-CECC2FAE753E} - System32\Tasks\{8912007D-DC7F-4BDB-8D08-D04C4B0CA171} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/go/he...?source=lightinstaller&LastError=1638
    Task: C:\Windows\Tasks\MathGeek.job => c:\programdata\{884c9aaf-dcb6-b682-884c-c9aafdcb6abf}\raport mniejszości - minority report -2002- [480p.brrip.xvid.ac3-azjatycki] [5-1] [eng - lektor pl] [at-team].exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    ShortcutWithArgument: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    2017-03-01 19:14 - 2017-03-01 08:02 - 00055992 _____ () C:\Program Files (x86)\Explorer\iedvutils.exe
    2017-05-12 16:31 - 2017-05-12 04:26 - 00101528 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    2017-03-01 19:14 - 2017-03-01 08:02 - 01779896 _____ () C:\Program Files (x86)\Explorer\iedvtoolex.dll
    2017-03-01 19:14 - 2017-03-01 08:02 - 02177208 _____ () C:\Program Files (x86)\Explorer\WINNSI.DLL
    2017-02-27 19:01 - 2017-02-27 03:47 - 00113664 _____ () c:\programdata\apple\apple application support\support.dll
    2017-05-04 16:45 - 2017-05-09 16:40 - 00323584 _____ () C:\Users\Mateusz\AppData\Local\background_fault\bf.dll
    2017-05-08 14:19 - 2017-05-08 08:27 - 00105984 _____ () c:\programdata\microsoft\appv\setup\integrator.dll
    () C:\Program Files (x86)\Explorer\iedvutils.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    HKLM-x32\...\Run: [fst_pl_158] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\Run: [background_fault] => C:\Users\Mateusz\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== UWAGA
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\MountPoints2: {07641b10-88e3-11e4-bb1d-b870f44f364b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\MountPoints2: {98ceab03-837e-11e4-b460-b870f44f364b} - H:\USBAutoRun.exe
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\...\MountPoints2: {a0a9bfb3-c309-11e3-a994-806e6f6e6963} - E:\DriverPackSolution.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Corporation)
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe [2016-06-06] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...D3200LPVX-22V0TT0_WD-WX11AB3V4970V4970&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...D3200LPVX-22V0TT0_WD-WX11AB3V4970V4970&q={searchTerms}
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...D3200LPVX-22V0TT0_WD-WX11AB3V4970V4970&q={searchTerms}
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    HKU\S-1-5-21-1408503630-3036824600-2394758180-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...D3200LPVX-22V0TT0_WD-WX11AB3V4970V4970&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    FF user.js: detected! => C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\vymbktwx.default\user.js [2017-03-17]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [nie znaleziono]
    FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\sya1rc8d.default [2017-05-12]
    FF Extension: (FF Adr) - C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\sya1rc8d.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-27] [Brak podpisu cyfrowego]
    FF Extension: (Polski Language Pack) - C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\sya1rc8d.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-12] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\Profiles\sya1rc8d.default\searchplugins\startsearch.xml [2017-05-12]
    CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=c39f2ef2959cc34a66a6357gez0maw3teg6efq8gbm
    CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1475910617&from=fb081008&uid=wdcxwd3200lpvx-22v0tt0_wd-wx11ab3v4970v4970&z=c39f2ef2959cc34a66a6357gez0maw3teg6efq8gbm"
    CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&...D3200LPVX-22V0TT0_WD-WX11AB3V4970V4970&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> ourluckysites
    CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <nie znaleziono>
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=...d=WDCXWD3200LPVX-22V0TT0_WD-WX11AB3V4970V4970
    R2 3DM; C:\Users\Mateusz\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [Brak podpisu cyfrowego]
    R2 ANSARE; C:\Users\Mateusz\AppData\Local\ANSARE\Snare.dll [826368 2017-05-08] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [113664 2017-02-27] () [Brak podpisu cyfrowego]
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1858048 2017-05-11] (BIT.dll) [Brak podpisu cyfrowego]
    S2 EggperSU; C:\Users\Mateusz\AppData\Local\Temp\1\GoogleUpdats.exe [153752 2017-05-09] (Google Inc.) <==== UWAGA
    R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101528 2017-05-12] () <==== UWAGA
    S2 GubedZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    R2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [55992 2017-03-01] ()
    S2 IlS; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S2 IlS; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    R2 Kitty; C:\Users\Mateusz\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [Brak podpisu cyfrowego] <==== UWAGA
    S2 NPASRE; C:\Users\Mateusz\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 SANARE; C:\Users\Mateusz\AppData\Local\SANARE\Snare.dll [826368 2017-05-04] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 SNARE; C:\Users\Mateusz\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 SNAREA; C:\Users\Mateusz\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 VNASRE; C:\Users\Mateusz\AppData\Local\VNASRE\Snare.dll [826368 2017-05-09] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 WANARE; C:\Users\Mateusz\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 WinAppSvr; C:\ProgramData\Microsoft\AppV\sym\dbg.dll [109056 2017-05-12] (TODO: <Company name>) [Brak podpisu cyfrowego]
    R2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\Mateusz\AppData\Roaming\WinSAPSvc\WinSAP.dll [585216 2017-05-09] (serviec) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSnare; C:\Users\Mateusz\AppData\Roaming\WINSNARE\WinSnare.dll [1291776 2017-04-05] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    S2 CornerSunshineSvc; "C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe" {8A712DBD-E08B-4D5C-839D-1B9C185FE769} [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [X]
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 p1481299943am; \??\C:\Users\Mateusz\AppData\Local\Temp\bkA332.tmp\p1481299943am.sys [X] <==== UWAGA
    S1 p1481742460am; \??\C:\Users\Mateusz\AppData\Local\Temp\bkB0F7.tmp\p1481742460am.sys [X] <==== UWAGA
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2017-05-12 16:31 - 2017-05-12 16:40 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-05-12 16:30 - 2017-05-12 16:30 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Eggper
    2017-05-11 14:48 - 2017-05-11 14:48 - 00003874 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1494506910
    2017-05-11 12:55 - 2017-05-11 14:14 - 00000000 _____ C:\Windows\SysWOW64\3333333
    2017-05-11 12:55 - 2017-05-11 14:13 - 00000000 _____ C:\Windows\SysWOW64\1111111
    2017-05-11 12:55 - 2017-05-11 14:13 - 00000000 _____ C:\Windows\SysWOW64\00
    2017-05-11 12:54 - 2017-05-11 14:14 - 00000000 ____D C:\Users\Mateusz\AppData\Local\NPASRE
    2017-05-09 16:32 - 2017-05-09 16:32 - 00000000 ____D C:\Users\Mateusz\AppData\Local\VNASRE
    2017-05-09 15:03 - 2017-05-12 16:30 - 00000000 _____ C:\Windows\SysWOW64\1111
    2017-05-08 14:49 - 2017-05-08 14:49 - 00000000 ____D C:\Users\Mateusz\AppData\Local\ANSARE
    2017-05-08 14:35 - 2017-05-08 14:35 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Bookness
    2017-05-08 14:20 - 2017-05-08 14:20 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Bookness
    2017-05-08 14:19 - 2017-05-11 19:31 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-08 14:18 - 2017-05-08 14:22 - 00000000 ____D C:\Users\Public\Documents\temp
    2017-05-05 14:36 - 2017-05-05 14:36 - 00000000 _____ C:\Windows\SysWOW64\2
    2017-05-05 14:35 - 2017-05-05 14:35 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Google
    2017-05-05 14:22 - 2017-05-05 14:22 - 00000000 ____D C:\Users\Mateusz\AppData\Local\WANARE
    2017-05-05 14:22 - 2017-05-05 14:22 - 00000000 ____D C:\ProgramData\BIT
    2017-05-04 16:45 - 2017-05-10 08:15 - 00000000 ____D C:\Users\Mateusz\AppData\Local\background_fault
    2017-05-04 14:15 - 2017-05-11 14:13 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-05-04 14:15 - 2017-05-04 14:15 - 00000000 ____D C:\Users\Mateusz\AppData\Local\SANARE
    2017-05-03 17:19 - 2017-05-03 17:19 - 00000837 _____ C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2017-05-03 13:29 - 2017-05-03 13:29 - 00000000 ____D C:\Users\Mateusz\AppData\Local\SNAREA
    2017-04-28 16:02 - 2017-04-28 16:02 - 00001275 _____ C:\Users\Mateusz\Desktop\IdleMaster.lnk
    2017-04-28 15:25 - 2017-04-28 15:25 - 00000000 ____D C:\Users\Mateusz\AppData\Local\IdleMaster
    2017-04-28 15:23 - 2017-04-28 16:27 - 00000000 ____D C:\Users\Mateusz\Downloads\saas
    2017-04-27 14:12 - 2017-05-05 14:23 - 00003508 _____ C:\Windows\System32\Tasks\Windows-PG
    2017-04-27 14:12 - 2017-05-04 14:16 - 00000000 ____D C:\Windows\psgo
    2017-04-20 08:39 - 2017-05-11 14:13 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-04-19 08:51 - 2017-04-19 08:51 - 00000000 ____D C:\Users\Mateusz\AppData\Local\3DM
    2017-04-13 13:10 - 2017-04-21 10:56 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Kitty
    2017-04-13 12:09 - 2017-05-02 10:57 - 00000000 ____D C:\Users\Mateusz\AppData\Local\SNARE
    2017-05-12 16:49 - 2014-09-23 18:48 - 00000000 ____D C:\AdwCleaner
    2017-05-12 16:31 - 2016-09-30 17:07 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-12 16:30 - 2017-04-01 09:19 - 00003604 _____ C:\Windows\System32\Tasks\Milimili
    2017-05-12 16:30 - 2017-02-24 14:56 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\WinSAPSvc
    2017-05-12 16:30 - 2016-09-29 15:30 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-21 07:46 - 2017-04-05 14:08 - 00000000 ____D C:\Users\Mateusz\AppData\Local\clean
    2017-04-14 10:16 - 2017-04-06 06:36 - 00000000 _____ C:\Windows\SysWOW64\4
    2015-04-11 07:46 - 2015-04-11 07:50 - 0005669 _____ () C:\Users\Mateusz\AppData\Roaming\data.zip
    2016-11-12 10:20 - 2016-11-12 10:23 - 0044066 _____ () C:\Users\Mateusz\AppData\Roaming\ICSW_1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1ItJ1V0A0V0A0S0T.txt
    2006-05-20 16:52 - 2014-04-13 17:06 - 0017452 ____H () C:\Users\Mateusz\AppData\Roaming\logs.dat
    2015-04-11 07:52 - 2015-04-11 07:52 - 0004585 _____ () C:\Users\Mateusz\AppData\Roaming\POL_4265.zip
    2014-12-14 12:31 - 2014-12-29 10:48 - 0022024 _____ () C:\ProgramData\.sys
    2015-02-12 10:51 - 2015-02-12 10:51 - 0000016 _____ () C:\ProgramData\mntemp
    2014-06-19 14:32 - 2014-06-19 14:32 - 0000000 _____ () C:\ProgramData\spds90.txt
    2015-09-06 20:57 - 2015-09-06 20:57 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

  • Helpful post
    #4 12 May 2017 21:30
    Kolobos
    Computer specialist

    You still have on the list:
    AliExpress version 1.1.0.5019 <- you can remove it from the list using regedit (from the uninstall key)
    amuleC
    BitComet Packages
    YAC(Yet Another Cleaner!)
    Uninstall them if possible, or remove them from the list.

    New Fixlist.txt:
    2017-05-12 19:36 - 2017-05-12 19:36 - 00000000 ____D C:\AdwCleaner
    2017-05-12 21:07 - 2017-04-11 15:42 - 00000000 ____D C:\Users\Mateusz\AppData\Local\SNARER
    2017-05-12 19:21 - 2017-03-01 19:14 - 00000000 ____D C:\Program Files (x86)\Explorer

    When done, delete the C:\FRST directory and that's all.

  • #5 12 May 2017 22:26
    iFalcon
    Level 2

    I did everything. It works. Thank you very much for the help.
    Regards