Request for log analysis - amisites.com


(Kurt_Hectic) #1

FRST
Addition
Shortcut


(Acorus) #2

Uninstall amuleC, Java 7 Update 79 (64-bit), Java SE Development Kit 7 Update 79 (64-bit), WinSnare, YAC (Yet Another Cleaner!). Open Windows Notepad and paste:

CloseProcesses:
HKU\S-1-5-21-3237276978-3237574648-343952042-1003…\ChromeHTML: -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) <==== UWAGA
Task: {0C3097A4-1200-4C3C-9E18-6139CAA1A595} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe [2016-12-06] (IEC)
Task: {A746733F-8911-407D-BD68-9B7568C7BFD0} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-01-18] ()
Task: {D54DDDC1-96D6-49FA-A2ED-C15D55D3CBC9} - System32\Tasks\Fuderrtepy Launcher => C:\Program Files (x86)\Bationcqoty\prcase.exe [2016-12-08] (Glarysoft Ltd)
ShortcutWithArgument: C:\Users\Lucjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166
ShortcutWithArgument: C:\Users\Lucjan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1482921128&z=d477851738dca6bc319aa16g3z1bcoft9obg4g3o8b&from=che0812&uid=ADATAXSP550_2G3620049166
ShortcutWithArgument: C:\Users\Lucjan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Bationcqoty_ALLOWDEL_1ab5f93d\Gubed.exe -Yrrehs
ShellExecuteHooks: Brak nazwy - {3AA825D8-AA1B-11E6-A4C8-64006A5CFC23} - C:\Users\Lucjan\AppData\Roaming\Gracult\Sohinghhersh.dll -> Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
HKU\S-1-5-21-3237276978-3237574648-343952042-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482921128&z=d477851738dca6bc319aa16g3z1bcoft9obg4g3o8b&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
HKU\S-1-5-21-3237276978-3237574648-343952042-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKU\S-1-5-21-3237276978-3237574648-343952042-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484050914&z=59c38a76a16be2033700775gfzeb5zbecw2eft4g8o&from=archer1028&uid=ADATAXSP550_2G3620049166
HKU\S-1-5-21-3237276978-3237574648-343952042-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482921128&z=d477851738dca6bc319aa16g3z1bcoft9obg4g3o8b&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
SearchScopes: HKLM -> {65943D0B-730B-4F7C-95BF-CC730B9F13C2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166&q={searchTerms}
SearchScopes: HKLM-x32 -> {65943D0B-730B-4F7C-95BF-CC730B9F13C2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Edge HomeButtonPage: HKU\S-1-5-21-3237276978-3237574648-343952042-1003 -> hxxp://www.amisites.com/?type=hp&ts=1482487327&z=e4c253349b767d4cc481905g2z8b0o0zbb1mdccoez&from=che0812&uid=ADATAXSP550_2G3620049166
FF DefaultSearchEngine: Firefox\Firefox\Profiles\p3krqzqm.default -> luck
FF SearchEngineOrder.1: Firefox\Firefox\Profiles\p3krqzqm.default -> luck
FF SelectedSearchEngine: Firefox\Firefox\Profiles\p3krqzqm.default -> luck
FF Homepage: Firefox\Firefox\Profiles\p3krqzqm.default -> hxxp://www.searchinme.com/?type=hp&ts=1486279098181&z=&from=official&uid=ADATAXSP550_2G3620049166
FF SearchPlugin: C:\Users\Lucjan\AppData\Roaming\Firefox\Firefox\Profiles\p3krqzqm.default\searchplugins\amisites.xml [2017-01-10]
FF SearchPlugin: C:\Users\Lucjan\AppData\Roaming\Firefox\Firefox\Profiles\p3krqzqm.default\searchplugins\searchinme.xml [2016-12-13]
CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1487239151&from=14a10216&uid=adataxsp550_2g3620049166&z=9bdba83002d4f50dd7e8e81g0z0bbm9o2c6t6g7wee
CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1487239151&from=14a10216&uid=adataxsp550_2g3620049166&z=9bdba83002d4f50dd7e8e81g0z0bbm9o2c6t6g7wee"
CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type=ds&ts=1487239151&from=14a10216&uid=adataxsp550_2g3620049166&z=9bdba83002d4f50dd7e8e81g0z0bbm9o2c6t6g7wee&q={searchTerms}
CHR DefaultSearchKeyword: Default -> luck
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [526848 2017-02-04] () [Brak podpisu cyfrowego] <==== UWAGA
R2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2017-02-14 11:09 - 2017-02-14 11:09 - 00003352 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-14 11:09 - 2017-02-14 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-14 11:09 - 2017-02-14 11:09 - 00000000 ____D C:\Program Files (x86)\cvbs0
2017-02-14 11:09 - 2017-02-14 11:09 - 00000000 ____D C:\Program Files (x86)\bilibili
2017-02-14 11:09 - 2017-02-14 11:09 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-09 19:22 - 2017-02-09 19:22 - 00000000 ____D C:\Users\Lucjan\AppData\Roaming\Elex-tech
2017-02-09 19:22 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-02-09 19:22 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-02-04 11:57 - 2017-02-04 11:57 - 00000000 ____D C:\Program Files (x86)\amuleC3
2017-02-14 11:09 - 2017-01-09 14:30 - 00000000 ____D C:\Program Files (x86)\4vxrpkfw
2017-02-14 11:09 - 2016-12-08 13:33 - 00000000 ____D C:\Program Files (x86)\Bationcqoty
2017-02-13 13:43 - 2017-01-09 14:33 - 00000000 ____D C:\Users\Lucjan\AppData\Roaming\WinSnare
EmptyTemp:

Save the file as fixlist.txt and put it in the same folder as FRST.
Run FRST as administrator and click Fix.
Download and run AdwCleaner as administrator https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
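To show, from a triage angle, what the fixlist above is targeting, here is an added example (not from the thread and not FRST's own code) that scans FRST-style log lines for the indicator types the fix addresses: shortcut arguments and browser settings pointing at a hijacker host, an IFEO Debugger entry, a service without a digital signature, and a dependency grafted onto a stock Windows service. The sample lines (shortened copies of lines quoted in the thread) and the TRUSTED_HOSTS allowlist are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the FRST output quoted in the thread
# (tracking tokens shortened); not the poster's actual log file.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&from=archer1028
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Bationcqoty_ALLOWDEL_1ab5f93d\Gubed.exe -Yrrehs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&from=archer1028
SearchScopes: HKLM -> {65943D0B-730B-4F7C-95BF-CC730B9F13C2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&from=14a10216
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [526848 2017-02-04] () [Brak podpisu cyfrowego] <==== UWAGA
R2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
"""

# Assumption: home/search pages on these hosts are treated as legitimate.
TRUSTED_HOSTS = {"www.bing.com", "www.google.com"}
URL_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")  # FRST defangs http as hxxp
UNSIGNED_RE = re.compile(r"\[(Brak podpisu cyfrowego|No digital signature)\]")
DEPEND_RE = re.compile(r"\[DependOnService: ([^\]]+)\]")

def triage(log_text):
    """Return (category, detail) findings for hijack indicators in FRST-style lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        host = URL_RE.search(line)
        if line.startswith("IFEO\\") and "[Debugger]" in line:
            # An IFEO Debugger value redirects the named program (here MRT.exe) to another binary.
            image = line[len("IFEO\\"):line.index(":")]
            findings.append(("ifeo_debugger", image))
        elif line.startswith("ShortcutWithArgument:") and host:
            # A URL argument on a browser .lnk opens the hijacker page on every start.
            findings.append(("shortcut_hijack", host.group(1)))
        elif host and host.group(1) not in TRUSTED_HOSTS:
            findings.append(("browser_setting_hijack", host.group(1)))
        elif UNSIGNED_RE.search(line):
            findings.append(("unsigned_service", line.split(";")[0].split()[-1]))
        dep = DEPEND_RE.search(line)
        if dep:
            # A stock Windows service made dependent on the rogue one keeps it loaded.
            findings.append(("service_dependency", line.split(";")[0].split()[-1] + "->" + dep.group(1)))
    return findings

def hosts_by_count(findings):
    """Count how many shortcuts and browser settings point at each hijacker host."""
    return Counter(d for c, d in findings if c.endswith("_hijack"))
```

Every finding maps to a fixlist entry type in the post: the shortcut, registry and CHR lines remove the URLs, the IFEO and service lines remove the persistence.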