When the context menu is opened, instead of WinRAR or 7-Zip it shows Chinese characters and other junk. I ran AdwCleaner and manually threw out the rubbish I didn't recognize.
Logs:
FRST
Shortcuts
I can't find a free program that would be free of charge
---------------------------------------------------------------------------------------
check whether there is a system on the system
CHR DefaultProfile: ChromeDefaultData2
C:\Program Files\E<DED\X64\KZipShell.dll
RemoveDirectory: C:\Program Files (x86)\Grosertionlqigh Client
RemoveDirectory: C:\Program Files\E<DED
RemoveDirectory: C:\Program Files (x86)\Hidupyplumole
RemoveDirectory: C:\Program Files (x86)\Fseckstusisy
RemoveDirectory: C:\Users\TZieba.RRC\AppData\Roaming\Torsparanupy
RemoveDirectory: C:\Users\TZieba.RRC\AppData\Roaming\Dahichplaruly
Task: {EAC59B69-1B06-4EB7-9037-38DFC8A1EEED} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {BA41928F-35AC-4710-90E0-B52672B6EB64} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {A44242CF-34C7-4688-8B4C-2D5915E93941} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {810CEDF3-EDEE-4D9C-AEC8-2F36F71BBB8D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {7C013F99-93E0-46D7-A7E9-615F8E139BFA} - System32\Tasks\Zuzach Engine => C:\Program Files (x86)\Hidupyplumole\tizoch.exe
Task: {78E9C992-D980-42D8-A295-B6BC99BDA93F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {2A820F84-C499-440E-B8A6-57526531CA88} - System32\Tasks\Grosertionlqigh Client => C:\Program Files (x86)\Fseckstusisy\sherzas.exe [2017-01-20] (Glarysoft Ltd)
Task: {0812DFED-51C3-4BAE-84E7-DD02DF6CE156} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {A0EF4797-6E8F-4F70-A2FD-65CAF04767C6} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-01-22] ()
2017-01-20 15:46 - 2017-01-20 15:46 - 7316480 _____ () C:\Users\TZieba.RRC\AppData\Roaming\agent.dat
2017-01-20 15:46 - 2017-01-20 15:46 - 0070752 _____ () C:\Users\TZieba.RRC\AppData\Roaming\Config.xml
2017-01-20 15:46 - 2017-01-20 15:46 - 0016224 _____ () C:\Users\TZieba.RRC\AppData\Roaming\InstallationConfiguration.xml
2017-01-20 15:46 - 2017-01-20 15:46 - 0140288 _____ () C:\Users\TZieba.RRC\AppData\Roaming\Installer.dat
2017-01-20 15:46 - 2017-01-20 15:46 - 0018432 _____ () C:\Users\TZieba.RRC\AppData\Roaming\Main.dat
2017-01-20 15:46 - 2017-01-20 15:46 - 0005568 _____ () C:\Users\TZieba.RRC\AppData\Roaming\md.xml
2017-01-20 15:46 - 2017-01-20 15:46 - 0126464 _____ () C:\Users\TZieba.RRC\AppData\Roaming\noah.dat
2015-08-20 12:56 - 2017-01-23 10:15 - 0024190 _____ () C:\Users\TZieba.RRC\AppData\Roaming\Notepad2.ini
2017-01-20 15:46 - 2017-01-20 15:46 - 0278519 _____ () C:\Users\TZieba.RRC\AppData\Roaming\Ozerplus.bin
2017-01-20 15:46 - 2017-01-20 15:46 - 1938532 _____ () C:\Users\TZieba.RRC\AppData\Roaming\SilHotwarm.bin
2017-01-20 15:46 - 2017-01-20 15:46 - 0983040 _____ () C:\Users\TZieba.RRC\AppData\Roaming\SumTom.exe
2017-01-20 15:46 - 2017-01-20 15:46 - 1908559 _____ () C:\Users\TZieba.RRC\AppData\Roaming\SumTom.tst
2017-01-20 15:46 - 2017-01-20 15:46 - 0032038 _____ () C:\Users\TZieba.RRC\AppData\Roaming\uninstall_temp.ico
2017-01-20 15:46 - 2017-01-20 15:46 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-01-20 15:22 - 2017-01-20 15:46 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Local\AdvinstAnalytics
2017-01-20 15:09 - 2017-01-23 08:58 - 00000000 ____D C:\Program Files (x86)\Fseckstusisy
2017-01-20 15:09 - 2017-01-20 15:52 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Roaming\Dahichplaruly
2017-01-20 15:09 - 2017-01-20 15:09 - 00006112 _____ C:\WINDOWS\System32\Tasks\Grosertionlqigh Client
2017-01-20 15:09 - 2017-01-20 15:09 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Local\Mapeck
2017-01-20 15:09 - 2017-01-20 15:09 - 00000000 ____D C:\ProgramData\Avira
2017-01-20 15:09 - 2017-01-20 15:09 - 00000000 ____D C:\ProgramData\Avg
2017-01-20 15:09 - 2017-01-20 15:09 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-20 15:09 - 2017-01-20 15:09 - 00000000 ____D C:\Program Files (x86)\Grosertionlqigh Client
2017-01-20 15:08 - 2017-01-23 10:44 - 00000000 ____D C:\Program Files (x86)\626d146c-8e44-4dc9-aa54-c2409078952d1484921333
2017-01-20 15:06 - 2017-01-20 15:06 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-20 15:04 - 2017-01-20 15:04 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Local\UCBrowser
2017-01-20 15:03 - 2017-01-20 15:03 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-20 15:03 - 2017-01-20 15:03 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-22 08:12 - 2017-01-22 08:12 - 00000000 ____D C:\Program Files\kwuwnjk3
2017-01-20 15:51 - 2017-01-23 08:58 - 00000000 ____D C:\Program Files (x86)\Hidupyplumole
2017-01-20 15:51 - 2017-01-20 16:03 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Roaming\Torsparanupy
2017-01-20 15:51 - 2017-01-20 15:51 - 00006036 _____ C:\WINDOWS\System32\Tasks\Zuzach Engine
2017-01-20 15:51 - 2017-01-20 15:51 - 00000000 ____D C:\Users\TZieba.RRC\AppData\Local\Jemety
2017-01-20 15:51 - 2017-01-20 15:51 - 00000000 ____D C:\Program Files (x86)\Zuzach Engine
2017-01-20 15:46 - 2017-01-23 10:16 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-23 00:05 - 2017-01-23 00:05 - 00000000 ____D C:\Program Files\E<DED
2017-01-22 12:14 - 2017-01-22 16:14 - 00000000 ____D C:\Program Files\f09er35s
2017-01-22 09:09 - 2017-01-22 17:09 - 00000000 ____D C:\Program Files (x86)\kwuwnjk3
2017-01-22 08:15 - 2017-01-22 08:15 - 00003638 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-01-22 08:15 - 2017-01-22 08:15 - 00000000 ____D C:\Program Files (x86)\MIO
S3 ewusbmbb; \SystemRoot\System32\drivers\ewusbwwan.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
CHR DefaultProfile: ChromeDefaultData2
CHR Profile: C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-23] <==== UWAGA
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-23]
CHR Extension: (uBlock Origin) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Brak nazwy) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\TZieba.RRC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-23]
HKU\S-1-5-21-3985409602-888539743-1935948570-1316\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoryMdd11h8aIdDsBm7FkOX5noa_xRWgh5MzivavmonzrMJ4jtqKWZu4fGjcJSsj0Q2MfMfBIXDbTJFGyvPagrtGMbAzeF7A7RqJRi_ivV6e7MWvKsiyzW9a7JzZh6jMJENuYaKR0804L8jBk4Z3sFaMuhdAE&q={searchTerms}
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\E<DED\X64\KZipShell.dll [2017-01-23] ()
GroupPolicy: Ograniczenia <======= UWAGA
ShellExecuteHooks: Brak nazwy - {62AC4806-DC66-11E6-9D92-64006A5CFC23} - C:\Users\TZieba.RRC\AppData\Roaming\Dahichplaruly\Reamaward.dll -> Brak pliku
ShellExecuteHooks: Brak nazwy - {0AAE96C8-DE2A-11E6-9E44-64006A5CFC35} - C:\Users\TZieba.RRC\AppData\Roaming\Torsparanupy\Kobosy.dll -> Brak pliku
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\kwuwnjk3: C:\Program Files (x86)\Grosertionlqigh Client\local64spl.dll [290816 2017-01-20] ()
ShortcutWithArgument: C:\Users\TZieba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\TZieba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
HOSTS:
EmptyTemp:
C:\Users\TZieba.RRC\Desktop\ADC Pricelist.lnk
C:\Users\TZieba.RRC\Desktop\waE<ne do sprzedaE<y\ADC Pricelist.lnk
C:\Users\TZieba.RRC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gadu-Gadu.lnk
DeleteQuarantine: