Elektroda.pl

How to remove Safe Finder - FRST logs

borrek97 14 Mar 2016 22:20 708 4
  • #1 14 Mar 2016 22:20
    borrek97
    Level 2

    Hello. I am a layman in these matters, but while downloading a seemingly harmless program I ended up with a terrible lot of malicious worms. I removed most of them, but that wretched Safe Finder remained. I read a bit about it, but I don't know how to write logs. So here is my request for help with writing the logs for FRST. I have attached the FRST and Addition files. Thank you in advance for any help.

    1 4
  • #2 14 Mar 2016 22:35
    Kolobos
    Computer specialist

    Don't download from dobreprogramy using their harmful download manager; best not to download anything at all, because you are not very good at it.
    AR is a free program, so how can anyone be so naive as to download: Adobe Reader XI 11.0.10 (Multi )( Latest Version )( PDF Reader )( Serial ) FULL.rar?

    Uninstall: McAfee Security Scan Plus

    Fixlist.txt for FRST:
    Task: {0CE8CD8A-1CFA-4D22-AB19-182BF50FA148} - System32\Tasks\PriceFountainUpdateVer => C:\Users\Borki\AppData\Roaming\PRICEF~2\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {162C9252-F9D4-4A98-BAA4-A83F05D78767} - System32\Tasks\BorkiUnpitedAbsencesV2 => Rundll32.exe IntrudinglyVasoinhibitor.dll,main 7 1 <==== UWAGA
    Task: {1D2E7B77-66BE-4EE8-871E-B73A2CE276D5} - System32\Tasks\BorkiTransfiguringYmcaV2 => Rundll32.exe ModernizedChina.dll,main 7 1 <==== UWAGA
    Task: {86E5E2E9-4F5B-4588-8581-FE7E6AE39DEE} - System32\Tasks\Lhqycdi => C:\PROGRA~1\SHOPPE~1\Ghqau.bat
    Task: {B4E57355-0199-426A-B662-790218C9F88C} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-03-11] ()
    Task: {DFC9484A-08C0-42F1-BBAD-83854C60A994} - System32\Tasks\Iwufroh => C:\PROGRA~1\GROOVE~1\Kefdhn.bat
    Task: {E3ABF467-570F-486B-8611-7FA2FF7FD0E5} - System32\Tasks\{8375CA36-9511-477F-A5AD-258842D7ADFE} => pcalua.exe -a C:\Users\Borki\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=brd
    Task: {F74CE787-3CA8-47D7-9ABB-DB2521906F16} - System32\Tasks\IBUpd2 => C:\Users\Borki\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== UWAGA
    Task: {F96FDF95-9455-433C-83BE-97BCE7006C97} - System32\Tasks\Price Fountain => C:\Users\Borki\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Borki\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\PriceFountainUpdateVer.job => C:\Users\Borki\AppData\Roaming\PRICEF~2\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Borki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Borki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    Hosts:
    () C:\ProgramData\AppxelosknoK\AppxelosknoK.exe
    () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    () C:\Users\Borki\AppData\Roaming\EfugCoywiko\Fidlyi.exe
    () C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\jnsa3D1C.tmp
    (RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
    () C:\Users\Borki\AppData\Roaming\Epiofpeec\Epiofpeec.exe
    () C:\Program Files\ktip\ktip.exe
    () C:\Users\Borki\AppData\Roaming\Epiofpeec\Jivjejonir.exe
    () C:\Users\Borki\AppData\Roaming\Epiofpeec\Ilylbe.exe




    (© 2015 Microsoft Corporation) C:\Users\Borki\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
    () C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\knsf2523.tmpfs
    () C:\Program Files\REACHit\REACHit.exe
    () C:\Users\Borki\AppData\Roaming\Lujdawnoa\Lujdawnoa.exe
    () C:\Users\Borki\AppData\Roaming\Lujdawnoa\Metsaokg.exe
    () C:\Users\Borki\AppData\Roaming\Lujdawnoa\Cagtyowpo.exe
    () C:\Users\Borki\AppData\Local\dontouch.exe
    (TFuns LIMITED) C:\ProgramData\FWdMF\WdMan.exe
    () C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\hnsk54D2.tmp
    () C:\Program Files\REACHit\packages\e0875f71-840c-4d0b-b3a0-005518a68d45\amdide.exe
    () C:\ProgramData\AppxelosknoK\AppxelosknoK.exe
    HKLM\...\Run: [IDSCPRODUCT] => C:\Program Files (x86)\Hostify\\idscservice.exe [247296 2016-03-14] ()
    HKLM-x32\...\Run: [ospd_us_013010267] => [X]
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM-x32\...\Run: [un] => C:\Users\Borki\AppData\Local\Temp\un.exe /start <===== UWAGA
    HKLM-x32\...\Run: [rec_pl_225] => [X]
    HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\...\Run: [BingSvc] => C:\Users\Borki\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-19] (© 2015 Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-10] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\AppxelosknoK\Redhome.dll => C:\ProgramData\AppxelosknoK\Redhome.dll [363520 2016-03-14] ()
    AppInit_DLLs-x32: C:\ProgramData\AppxelosknoK\Stocksoft.dll => C:\ProgramData\AppxelosknoK\Stocksoft.dll [257536 2016-03-14] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-20]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{67D68747-747C-4061-AFCF-B9B34025F020}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
    HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...WPmJwj-qadQneU4FfaPYpEozKC2EwnZ0L-kahmCIg51NO
    HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1762389328-4058911699-1686794659-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1762389328-4058911699-1686794659-1001 -> {BD62659D-87E7-47EB-AD01-4A2C86D4EF71} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3EzAMOBL14007,90d990c0-65cc-4f3a-9cc7-c5cf824c2c56,
    SearchScopes: HKU\S-1-5-21-1762389328-4058911699-1686794659-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mmCjpsFtpjtDwtQOnmoyP4wg1s-vYtHjKqJdAv&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD1001FALS-00Y6A0_WD-WCATR116982969829
    FF user.js: detected! => C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\user.js [2016-03-14]
    FF SearchPlugin: C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\searchplugins\bing-.xml [2016-01-19]
    FF SearchPlugin: C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\searchplugins\DD1B66D4.xml [2016-03-14]
    FF SearchPlugin: C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\searchplugins\mysites123.xml [2016-03-14]
    FF SearchPlugin: C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\searchplugins\smod.xml [2016-03-14]
    FF Extension: Bing Search - C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-19]
    FF Extension: FirefixTab - C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\kqb5679r.default\Extensions\deskCutv2@gmail.com [2016-03-14] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Borki\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\yahooprotected@gmail.com => nie znaleziono
    CHR HKU\S-1-5-21-1762389328-4058911699-1686794659-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    R2 AppxelosknoK; C:\ProgramData\\AppxelosknoK\\AppxelosknoK.exe [529408 2016-03-14] () [Brak podpisu cyfrowego]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1281056 2015-12-24] ()
    R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [765440 2016-03-14] () [Brak podpisu cyfrowego]
    R2 Folbowb; C:\Users\Borki\AppData\Roaming\EfugCoywiko\Fidlyi.exe [125824 2016-03-14] ()
    R2 gerocyni; C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\jnsa3D1C.tmp [302080 2016-03-14] () [Brak podpisu cyfrowego]
    S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1593872 2016-02-26] ()
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275192 2016-03-11] (RayDl)
    R2 Kaksup; C:\Users\Borki\AppData\Roaming\Epiofpeec\Epiofpeec.exe [174464 2016-03-14] ()
    R2 ktip; C:\Program Files\ktip\ktip.exe [383488 2016-03-14] () [Brak podpisu cyfrowego]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
    R2 REACHit; C:\Program Files\REACHit\REACHit.exe [383488 2016-03-14] () [Brak podpisu cyfrowego]
    R2 Reonke; C:\Users\Borki\AppData\Roaming\Lujdawnoa\Lujdawnoa.exe [174416 2016-03-14] ()
    R2 uodateaoprodlct; C:\Users\Borki\AppData\Local\dontouch.exe [28160 2016-03-14] () [Brak podpisu cyfrowego]
    R2 WdMan; C:\ProgramData\FWdMF\WdMan.exe [302248 2016-03-14] (TFuns LIMITED)
    S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [306192 2016-03-11] ()
    R2 wucotusy; C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\hnsk54D2.tmp [416256 2016-03-14] () [Brak podpisu cyfrowego]
    S2 Fuhgevr; "C:\Users\Borki\AppData\Roaming\CannalOfuh\Timwujdo.exe" -cms [X]
    R2 nuzylutezbt; C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3\knsf2523.tmpfs [X]
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2016-03-14] (Cherimoya Ltd)
    R1 {e2f71795-3334-49b2-b329-0a00cf320340}Gw64; C:\Windows\System32\drivers\{e2f71795-3334-49b2-b329-0a00cf320340}Gw64.sys [48752 2016-03-14] (StdLib)
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S3 NPF; system32\drivers\NPF.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-03-14 21:39 - 2016-03-14 21:39 - 00000000 ____D C:\Windows\system32\jobs
    2016-03-14 21:36 - 2016-03-14 21:36 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Borki\Downloads\SpyHunter-Installer.exe
    2016-03-14 21:27 - 2016-03-14 21:27 - 00000000 ____D C:\ProgramData\AppxelosknoKs
    2016-03-14 21:26 - 2016-03-14 21:41 - 00000000 ____D C:\ProgramData\AppxelosknoK
    2016-03-14 21:20 - 2016-03-14 21:20 - 00003164 _____ C:\Windows\System32\Tasks\{8375CA36-9511-477F-A5AD-258842D7ADFE}
    2016-03-14 21:13 - 2016-03-14 21:13 - 06871040 _____ C:\Program Files (x86)\GUTFBEB.tmp
    2016-03-14 21:13 - 2016-03-14 21:13 - 00000000 ____D C:\Windows\system32\pio
    2016-03-14 21:13 - 2016-03-14 21:13 - 00000000 ____D C:\Program Files (x86)\GUMFBDB.tmp
    2016-03-14 21:08 - 2016-03-14 21:08 - 00003262 _____ C:\Windows\System32\Tasks\IBUpd2
    2016-03-14 21:07 - 2016-03-14 21:17 - 00000000 ____D C:\Users\Borki\AppData\Local\BrowserAir
    2016-03-14 21:07 - 2016-03-14 21:08 - 50053120 _____ C:\Program Files (x86)\GUTE07F.tmp
    2016-03-14 21:07 - 2016-03-14 21:07 - 00000000 ____D C:\Program Files (x86)\GUME07E.tmp
    2016-03-14 21:06 - 2016-03-14 21:10 - 00000000 ____D C:\Program Files\Common Files\Goobzo
    2016-03-14 21:06 - 2016-03-14 21:06 - 00000000 ____D C:\ProgramData\SearchModule
    2016-03-14 19:44 - 2016-03-14 19:44 - 00000000 ____D C:\Windows\system32\anhg
    2016-03-14 19:37 - 2016-03-14 19:37 - 00000000 ____D C:\Users\Borki\AppData\Roaming\MCorp
    2016-03-14 19:35 - 2016-03-14 21:04 - 00000000 ____D C:\Users\Borki\AppData\Local\app
    2016-03-14 19:30 - 2016-03-14 19:30 - 00000000 ____D C:\Windows\system32\jacu
    2016-03-14 19:30 - 2016-03-14 19:30 - 00000000 ____D C:\Windows\system32\copj
    2016-03-14 19:28 - 2016-03-14 19:28 - 00000000 ____D C:\Users\Borki\AppData\Roaming\UPUpdata
    2016-03-14 19:27 - 2016-03-14 19:27 - 00003338 _____ C:\Windows\System32\Tasks\Iwufroh
    2016-03-14 19:27 - 2016-03-14 19:27 - 00000000 ____D C:\Users\Borki\AppData\Roaming\Epiofpeec
    2016-03-14 19:27 - 2016-03-14 19:27 - 00000000 ____D C:\Users\Borki\AppData\Roaming\EfugCoywiko
    2016-03-14 19:25 - 2016-03-14 21:40 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-14 19:25 - 2016-03-14 19:27 - 00000000 ____D C:\Users\Borki\AppData\Local\Tempfolder
    2016-03-14 19:25 - 2016-03-14 19:25 - 00003336 _____ C:\Windows\System32\Tasks\Lhqycdi
    2016-03-14 19:25 - 2016-03-14 19:25 - 00000000 ____D C:\Users\Borki\AppData\Roaming\Lujdawnoa
    2016-03-14 19:25 - 2016-03-14 19:25 - 00000000 ____D C:\Users\Borki\AppData\LocalLow\Company
    2016-03-14 19:25 - 2016-03-14 19:25 - 00000000 ____D C:\Users\Borki\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-03-14 19:25 - 2016-03-14 19:25 - 00000000 ____D C:\uninst
    2016-03-14 19:23 - 2016-03-14 19:24 - 00000000 ____D C:\ProgramData\FWdMF
    2016-03-14 19:23 - 2016-03-14 19:23 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2016-03-14 19:22 - 2016-03-14 21:27 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-03-14 19:22 - 2016-03-14 21:26 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-03-14 19:22 - 2016-03-14 19:22 - 07600640 _____ C:\Users\Borki\AppData\Roaming\agent.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 01787289 _____ C:\Users\Borki\AppData\Roaming\Voyazap.tst
    2016-03-14 19:22 - 2016-03-14 19:22 - 00188619 _____ () C:\Users\Borki\AppData\Roaming\Kandox.bin
    2016-03-14 19:22 - 2016-03-14 19:22 - 00126464 _____ C:\Users\Borki\AppData\Roaming\noah.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 00126464 _____ C:\Users\Borki\AppData\Roaming\lobby.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 00072709 _____ C:\Users\Borki\AppData\Roaming\TrippleTraxlight.tst
    2016-03-14 19:22 - 2016-03-14 19:22 - 00065040 _____ C:\Users\Borki\AppData\Roaming\Config.xml
    2016-03-14 19:22 - 2016-03-14 19:22 - 00054272 _____ C:\Users\Borki\AppData\Roaming\ApplicationHosting.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 00018432 _____ C:\Users\Borki\AppData\Roaming\Main.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 00005568 _____ C:\Users\Borki\AppData\Roaming\md.xml
    2016-03-14 19:22 - 2016-03-14 19:22 - 00000000 ____D C:\ProgramData\Konksolexs
    2016-03-14 19:22 - 2016-03-14 19:22 - 00000000 ____D C:\Program Files\ktip
    2016-03-14 19:22 - 2016-03-14 19:21 - 00765440 _____ C:\Users\Borki\AppData\Roaming\Voyazap.exe
    2016-03-14 19:22 - 2016-03-14 19:21 - 00765440 _____ C:\Users\Borki\AppData\Roaming\TrippleTraxlight.exe
    2016-03-14 19:21 - 2016-03-14 21:23 - 00000000 ____D C:\Users\Borki\AppData\Roaming\yoursearching
    2016-03-14 19:21 - 2016-03-14 19:21 - 00848437 _____ C:\Users\Borki\AppData\Roaming\Voltlab.bin
    2016-03-14 19:21 - 2016-03-14 19:21 - 00127488 _____ C:\Users\Borki\AppData\Roaming\Installer.dat
    2016-03-14 19:21 - 2016-03-14 19:21 - 00017760 _____ C:\Users\Borki\AppData\Roaming\InstallationConfiguration.xml
    2016-03-14 19:21 - 2016-03-14 19:21 - 00000643 _____ C:\yoursearching.xml
    2016-03-14 19:20 - 2016-03-14 21:40 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-03-14 19:20 - 2016-03-14 21:07 - 00000000 ____D C:\Program Files (x86)\Hostify
    2016-03-14 19:20 - 2016-03-14 19:20 - 00000000 ____D C:\Users\Borki\AppData\Local\F727A298-4DB4-456A-AC54-A93EA5F8554D
    2016-03-14 19:20 - 2016-03-14 19:20 - 00000000 ____D C:\Users\Borki\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-14 19:19 - 2016-03-14 06:22 - 00048752 _____ (StdLib) C:\Windows\system32\Drivers\{e2f71795-3334-49b2-b329-0a00cf320340}Gw64.sys
    2016-03-14 19:18 - 2016-03-14 19:18 - 00000000 ____D C:\Program Files (x86)\RayDld
    2016-03-14 19:17 - 2016-03-14 21:04 - 00000000 ____D C:\Program Files\REACHit
    2016-03-14 19:17 - 2016-03-14 19:17 - 00041472 _____ C:\Users\Borki\AppData\Local\dontouch.dat
    2016-03-14 19:17 - 2016-03-14 19:17 - 00028160 _____ C:\Users\Borki\AppData\Local\dontouch.exe
    2016-03-14 19:17 - 2016-03-14 19:17 - 00001233 _____ C:\Users\Borki\Desktop\Random Viral.lnk
    2016-03-14 19:17 - 2016-03-14 19:17 - 00000187 _____ C:\Users\Borki\AppData\Local\dontouch.exe.config
    2016-03-14 19:16 - 2016-03-14 21:05 - 00001100 _____ C:\Users\Borki\Desktop\Continue installation .lnk
    2016-03-14 19:14 - 2016-03-14 19:24 - 00000000 ____D C:\Users\Borki\AppData\Local\670FBDC0-1457982876-11DF-BC87-BCAEC59587B3
    2016-03-14 19:13 - 2016-03-14 19:29 - 00000000 ____D C:\Program Files (x86)\670FBDC0-1457979197-11DF-BC87-BCAEC59587B3
    2016-03-14 19:13 - 2016-03-14 19:13 - 00000000 ____D C:\Users\Borki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
    2016-03-14 19:11 - 2016-03-14 19:20 - 00015236 _____ C:\Windows\System32\Tasks\WinTaske
    2016-03-14 19:11 - 2016-03-14 19:11 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-03-14 19:11 - 2016-03-14 19:11 - 00000000 ____D C:\Program Files (x86)\WinTaske
    2016-03-14 19:11 - 2016-03-14 19:11 - 00000000 ____D C:\Program Files (x86)\Winsere
    2016-03-14 18:57 - 2016-03-14 19:10 - 75963901 _____ C:\Users\Borki\Downloads\Adobe Reader XI 11.0.10 (Multi )( Latest Version )( PDF Reader )( Serial ) FULL.rar
    2016-03-14 15:06 - 2016-03-14 19:25 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2016-02-28 13:14 - 2016-02-28 13:14 - 00003244 _____ C:\Windows\System32\Tasks\PriceFountainUpdateVer
    2016-02-28 13:14 - 2016-02-28 13:14 - 00000000 ____D C:\Users\Borki\AppData\Roaming\PriceFountainUpdateVer
    2016-02-28 13:13 - 2016-02-28 13:13 - 00003456 _____ C:\Windows\System32\Tasks\BorkiUnpitedAbsencesV2
    2016-02-28 13:12 - 2016-02-28 13:12 - 01100108 _____ ( ) C:\Users\Borki\Downloads\Freemake-Video-Downloader-20102-dp.exe
    2016-02-25 22:00 - 2016-02-25 22:00 - 00000058 _____ C:\Windows\JQHApp.dat
    2016-02-20 11:45 - 2016-02-20 11:45 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-02-20 11:45 - 2016-02-20 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-02-20 11:45 - 2016-01-22 17:56 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-03-14 21:07 - 2016-03-14 21:08 - 50053120 _____ () C:\Program Files (x86)\GUTE07F.tmp
    2016-03-14 21:13 - 2016-03-14 21:13 - 6871040 _____ () C:\Program Files (x86)\GUTFBEB.tmp
    2016-03-14 19:22 - 2016-03-14 19:22 - 7600640 _____ () C:\Users\Borki\AppData\Roaming\agent.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 0054272 _____ () C:\Users\Borki\AppData\Roaming\ApplicationHosting.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 0065040 _____ () C:\Users\Borki\AppData\Roaming\Config.xml
    2016-03-14 19:21 - 2016-03-14 19:21 - 0017760 _____ () C:\Users\Borki\AppData\Roaming\InstallationConfiguration.xml
    2016-03-14 19:21 - 2016-03-14 19:21 - 0127488 _____ () C:\Users\Borki\AppData\Roaming\Installer.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 0188619 _____ () C:\Users\Borki\AppData\Roaming\Kandox.bin
    2016-03-14 19:22 - 2016-03-14 19:22 - 0126464 _____ () C:\Users\Borki\AppData\Roaming\lobby.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 0018432 _____ () C:\Users\Borki\AppData\Roaming\Main.dat
    2016-03-14 19:22 - 2016-03-14 19:22 - 0005568 _____ () C:\Users\Borki\AppData\Roaming\md.xml
    2016-03-14 19:22 - 2016-03-14 19:22 - 0126464 _____ () C:\Users\Borki\AppData\Roaming\noah.dat
    2016-03-14 19:22 - 2016-03-14 19:21 - 0765440 _____ () C:\Users\Borki\AppData\Roaming\TrippleTraxlight.exe
    2016-03-14 19:22 - 2016-03-14 19:22 - 0072709 _____ () C:\Users\Borki\AppData\Roaming\TrippleTraxlight.tst
    2016-03-14 19:22 - 2016-03-14 19:22 - 0032038 _____ () C:\Users\Borki\AppData\Roaming\uninstall_temp.ico
    2016-03-14 19:21 - 2016-03-14 19:21 - 0848437 _____ () C:\Users\Borki\AppData\Roaming\Voltlab.bin
    2016-03-14 19:22 - 2016-03-14 19:21 - 0765440 _____ () C:\Users\Borki\AppData\Roaming\Voyazap.exe
    2016-03-14 19:22 - 2016-03-14 19:22 - 1787289 _____ () C:\Users\Borki\AppData\Roaming\Voyazap.tst
    2016-03-14 19:17 - 2016-03-14 19:17 - 0041472 _____ () C:\Users\Borki\AppData\Local\dontouch.dat
    2016-03-14 19:17 - 2016-03-14 19:17 - 0028160 _____ () C:\Users\Borki\AppData\Local\dontouch.exe
    2016-03-14 19:17 - 2016-03-14 19:17 - 0000187 _____ () C:\Users\Borki\AppData\Local\dontouch.exe.config
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    After running it, use https://www.elektroda.pl/rtvforum/download.php?id=731083 and post the log it creates, as well as new FRST logs from a scan.

    0
  • #4 15 Mar 2016 15:06
    Kolobos
    Computer specialist

    Run this Fixlist.txt:
    Move: C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll

    All of it is on a single line. If the file is not copied automatically, do it manually from
    C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll to C:\Windows\SysWOW64\dnsapi.dll

    Also post new FRST logs from a scan, and the RepairDNS log created after running it.

    0
  • #5 15 Mar 2016 15:06
    Domino_2
    Helpful to users

    You were supposed to post new logs from a scan, not the fixlog that was created after the repair was carried out.

    0