Elektroda.pl

Mail.ru - I need help removing this virus!!

Patrykos2838 15 Jul 2017 16:37 1053 13
  • #1 15 Jul 2017 16:37
    Patrykos2838
    Level 3

    Mail.ru was showing me ads in all my browsers and always redirected me to the mail.ru site. I tried removing the Mail.ru files manually, searching in AppData etc. I tried using FRST; it did let me get rid of the constant redirecting to mail.ru, but the ads remained anyway.
    Please help!

    0 13
  • #2 15 Jul 2017 16:43
    Kolobos
    Computer specialist

    Instead of "trying" to use FRST, post the logs as an attachment!

    0
  • #3 15 Jul 2017 16:49
    Patrykos2838
    Level 3

    Is this enough?

    0
  • #4 15 Jul 2017 18:00
    Jazonis
    Level 4

    Uninstall:

    LegendOnline 1.1.4.259
    Reimage Repair
    McAfee Security Scan Plus
    Driver Genius
    ByteFence Anti-Malware
    Java 8 Update 121 - replace it with a newer version - https://ninite.com/java8/

    Use:
    https://www.bleepingcomputer.com/download/adwcleaner/
    and
    https://pl.malwarebytes.com/ and remove everything they detect.

    Download ONLY from direct links, not from the download managers that sites offer.

    Open the system Notepad and paste:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    Task: {37EDACFE-AA7F-48E2-A532-6F3A5F57B862} - System32\Tasks\{EFA9D79D-81E3-4FF8-8508-0C69403C9E75} => pcalua.exe -a F:\setup.exe -d F:\
    Task: {58860F2E-5A92-4FC3-B5F2-C54899567195} - System32\Tasks\{5426126A-E6AC-43F9-A855-1CFEC650A1D7} => pcalua.exe -a C:\Users\Dom\Desktop\vietcong-v160.exe -d C:\Users\Dom\Desktop
    Task: {6E819A77-E887-48F4-AFAC-915CE6D9C659} - System32\Tasks\{CF45C94E-E875-4DF6-8CF1-96961E3D3FD4} => pcalua.exe -a F:\setup.exe -d F:\
    Task: {90502E61-4EBC-477E-A5B1-9453F8930F52} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage®) <==== UWAGA
    Task: {987D9149-37CE-47F2-9FD6-586C42D8403B} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== UWAGA
    Task: {BEE5CAE8-F94A-47EC-B85D-6BA0C2CE2AB1} - System32\Tasks\RETRER Ripper => Rundll32.exe "C:\Program Files\RETRER Ripper\RETRER Ripper.dll",MUBsiKPVyx <==== UWAGA
    Task: {C90C440F-8682-446E-B26A-D017398F88F6} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== UWAGA
    2016-05-25 14:38 - 2016-05-25 14:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
    Task: {F3B03B96-CF6A-4527-A5E2-969967F3661D} - System32\Tasks\{78857D35-6E14-4F7D-AC7B-1652463D6D98} => pcalua.exe -a "C:\Program Files (x86)\AIMP Classic\UnInstall.exe"
    Task: {E88ECC9A-C74D-48FF-BFAE-85DF91BB563A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-07-03] (Reimage ltd.) <==== UWAGA
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\Dom\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com




    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {7ccb372d-5c2f-11e7-ae1f-74d4355b1d4b} - G:\autorun.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {7e7801a4-a8cb-11e6-873d-74d4355b1d4b} - F:\setup.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {afb3f0ad-3bd4-11e7-bb26-74d4355b1d4b} - F:\Startme.exe
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\Run: [mailruhomesearch] => "C:\Users\Dom\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-10]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Hosts:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=818407
    SearchScopes: HKLM-x32 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BC49F9172-0C49-42A0-BA68-BA457176D035%7D&gp=811041
    FF user.js: detected! => C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\user.js [2017-06-29]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\weqe78fe.default -> Поиск@Mail.Ru
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\weqe78fe.default -> Поиск@Mail.Ru
    FF Homepage: Mozilla\Firefox\Profiles\weqe78fe.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=811040
    FF Keyword.URL: Mozilla\Firefox\Profiles\weqe78fe.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4E...-1D9C-4700-A745-C52847A4FF4C%7D&gp=811041
    FF Extension: (Tables) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\378507@extcorp.net.xpi [2017-06-24]
    FF Extension: (Fast search) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\amcontextmenu@loucypher [2017-07-10]
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\homepage@mail.ru [2017-06-28]
    FF Extension: (Поиск@Mail.Ru) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\search@mail.ru [2017-06-28]
    FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-06-28]
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    CHR HomePage: Default -> mail.ru
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR NewTab: Default -> Not-active:"chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html", Not-active:"chrome-extension://epgjfmblhacacphaljkdcjllkomdcjpc/visual-bookmarks.html", Not-active:"chrome-extension://iinglghmhcgdgjjlafobajghjamdchik/newtab.html"
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [epgjfmblhacacphaljkdcjllkomdcjpc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-06-28]
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-06-29]
    CHR Extension: (Tables) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-10]
    CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-06-28]
    CHR Extension: (Bitmotion - New Tab) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iinglghmhcgdgjjlafobajghjamdchik [2017-06-24]
    CHR Extension: (Cookies On-Off) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-27]
    CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\epgjfmblhacacphaljkdcjllkomdcjpc [2017-06-28]
    CHR Extension: (Arkusze Google) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-06-28]
    OPR Extension: (Fast search) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-07-10]
    OPR Extension: (Tampermonkey) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-10]
    OPR Extension: (Tables) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-07-10]
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952 2017-05-14] (Reimage®)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-03-28] ()
    S2 0271881500014800mcinstcleanup; C:\Users\Dom\AppData\Local\Temp\027188~1.EXE [1027864 2016-11-28] (McAfee, Inc.) <==== UWAGA
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.) [Brak podpisu cyfrowego]
    2017-07-14 08:30 - 2017-07-14 08:30 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair (2).exe
    2017-07-14 08:28 - 2017-07-14 08:28 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair (1).exe
    2017-07-10 23:25 - 2017-07-14 08:33 - 00003434 _____ C:\Windows\System32\Tasks\Reimage Reminder
    2017-07-10 23:24 - 2017-07-14 08:33 - 00004278 _____ C:\Windows\System32\Tasks\ReimageUpdater
    2017-07-10 23:24 - 2017-07-14 08:33 - 00001939 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2017-07-10 23:24 - 2017-07-10 23:25 - 00000000 ____D C:\ProgramData\Reimage Protector
    2017-07-10 23:24 - 2017-07-10 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2017-07-10 23:23 - 2017-07-14 08:33 - 00000000 ____D C:\rei
    2017-07-10 23:23 - 2017-07-10 23:24 - 00000000 ____D C:\Program Files\Reimage
    2017-07-10 23:22 - 2017-07-14 08:33 - 00000150 _____ C:\Windows\Reimage.ini
    2017-07-10 23:22 - 2017-07-10 23:22 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair.exe
    2017-07-10 15:44 - 2017-07-10 15:46 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-07-10 15:35 - 2017-07-10 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-07-10 15:34 - 2017-07-10 15:34 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2017-07-10 08:41 - 2017-07-10 08:41 - 00000000 ____D C:\Users\Dom\AppData\Roaming\BrowserModule
    2017-07-10 08:40 - 2017-07-12 18:53 - 00016712 _____ C:\Windows\System32\Tasks\RETRER Ripper
    2017-07-10 08:39 - 2017-07-10 08:42 - 00000000 ____D C:\Users\Dom\Desktop\Driver_Genius_17_Activation_key_2017
    2017-07-10 08:38 - 2017-07-10 08:38 - 00994539 _____ C:\Users\Dom\Desktop\Driver_Genius_17_Activation_key_2017.zip
    2017-07-10 08:28 - 2017-07-10 08:29 - 00003254 _____ C:\Windows\System32\Tasks\Driver Genius Scheduler
    2017-07-10 08:28 - 2017-07-10 08:28 - 00002926 _____ C:\Windows\System32\Tasks\Driver Genius Skip UAC
    2017-07-10 08:28 - 2017-07-10 08:28 - 00001171 _____ C:\Users\Dom\Desktop\Driver Genius.lnk
    2017-07-10 08:28 - 2017-07-10 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
    2017-07-10 08:24 - 2017-07-10 08:24 - 14490352 _____ (Driver-Soft Inc. ) C:\Users\Dom\Desktop\DG_Setup.exe
    2017-07-10 08:29 - 2017-07-10 08:29 - 00000000 ____D C:\ProgramData\Driver-Soft
    2017-07-10 08:27 - 2017-07-10 08:27 - 00000000 ____D C:\Program Files (x86)\Driver-Soft
    2017-07-06 13:02 - 2017-07-06 13:10 - 00000000 ____D C:\Users\Dom\Desktop\logs.dll
    2017-07-06 13:02 - 2017-07-06 13:02 - 00708506 _____ C:\Users\Dom\Desktop\logs.dll.zip
    2017-07-06 13:02 - 2004-01-22 06:16 - 01531904 _____ C:\Windows\SysWOW64\logs.dll
    2017-06-28 13:10 - 2017-06-28 13:10 - 00000000 ____D C:\ProgramData\TEMP
    2017-07-10 15:35 - 2017-05-03 16:08 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2017-07-10 15:35 - 2017-05-03 16:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2017-07-06 08:39 - 2017-05-03 15:45 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-06-24 08:41 - 2017-06-24 08:41 - 00000000 ____D C:\Users\Dom\Desktop\1602adtrn
    2017-06-24 08:39 - 2017-06-24 08:39 - 00240798 _____ C:\Users\Dom\Desktop\1602adtrn.zip
    2017-06-24 10:03 - 2017-06-24 10:03 - 00096703 _____ C:\Users\Dom\Desktop\Anno_1602_spolszczenie_www.INSTALKI.pl.rar
    2017-06-27 22:07 - 2017-06-27 22:07 - 00000000 ____D C:\Users\Dom\AppData\Local\Disc_Soft_Ltd
    2017-07-14 14:14 - 2016-11-12 12:33 - 00127976 _____ C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-07-14 13:56 - 2017-01-18 01:28 - 00000000 ____D C:\Users\Dom\AppData\LocalLow\Mozilla
    2017-07-14 08:46 - 2017-05-03 15:33 - 00000000 ____D C:\ProgramData\McAfee
    2017-07-14 08:46 - 2017-05-03 15:33 - 00000000 ____D C:\Program Files\TrueKey
    2017-07-14 08:37 - 2016-11-12 12:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-07-14 08:00 - 2016-11-27 19:38 - 00000000 ____D C:\Program Files\ByteFence
    2017-07-12 19:55 - 2017-06-02 20:52 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
    2017-07-12 18:59 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\RETRER Ripper
    2017-07-11 09:14 - 2017-01-15 18:27 - 00007595 _____ C:\Users\Dom\AppData\Local\Resmon.ResmonCfg
    2017-06-28 11:25 - 2016-12-05 18:08 - 00000000 ____D C:\ProgramData\Mail.Ru
    2017-06-19 20:42 - 2017-02-05 16:36 - 00007887 _____ C:\Windows\BRRBCOM.INI
    2016-12-04 21:30 - 2016-12-04 21:30 - 0568240 _____ () C:\Users\Dom\AppData\Roaming\gameboxsetup.exe
    2017-01-15 18:27 - 2017-07-11 09:14 - 0007595 _____ () C:\Users\Dom\AppData\Local\Resmon.ResmonCfg
    EmptyTemp:

    After running it, post new logs from an FRST scan.

    1
  • #5 15 Jul 2017 20:02
    Kolobos
    Computer specialist

    Also use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Preferably before you post new logs.

    In addition, remove from the Fixlist given earlier:
    CHR Extension: (Bitmotion - New Tab) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iinglghmhcgdgjjlafobajghjamdchik [2017-06-24]
    OPR Extension: (Tampermonkey) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-10]
    CHR Extension: (Arkusze Google) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]

    1
  • #7 15 Jul 2017 21:23
    Kolobos
    Computer specialist

    Post new FRST logs from a scan. The Fixlog is unnecessary.

    0
  • Helpful post
    #9 15 Jul 2017 22:37
    Kolobos
    Computer specialist

    From what I can see, you apparently didn't run the Fixlist given earlier at all, why?

    OK, now I see, you created the Fixlist:
    2017-07-15 20:53 - 2017-07-15 20:53 - 00019370 _____ C:\Users\Dom\Desktop\fixlist.txt
    But you didn't run it at all and posted the old Fixlog:
    2017-07-14 21:25 - 2017-07-14 21:25 - 00001165 _____ C:\Users\Dom\Desktop\Fixlog.txt

    This time try a bit harder and run it.

    Fixlist.txt for FRST:
    Task: {37EDACFE-AA7F-48E2-A532-6F3A5F57B862} - System32\Tasks\{EFA9D79D-81E3-4FF8-8508-0C69403C9E75} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
    Task: {58860F2E-5A92-4FC3-B5F2-C54899567195} - System32\Tasks\{5426126A-E6AC-43F9-A855-1CFEC650A1D7} => C:\Windows\system32\pcalua.exe -a C:\Users\Dom\Desktop\vietcong-v160.exe -d C:\Users\Dom\Desktop
    Task: {6E819A77-E887-48F4-AFAC-915CE6D9C659} - System32\Tasks\{CF45C94E-E875-4DF6-8CF1-96961E3D3FD4} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
    Task: {AF3E6559-7CFB-492C-8C05-14A9CC320014} - System32\Tasks\mynewsforneteghsm => C:\Gry\Counter-Strike 1.6 v43\SteamServerBrowser\SteamServerBrowser.exe [2017-01-10] ()
    Task: {BEE5CAE8-F94A-47EC-B85D-6BA0C2CE2AB1} - System32\Tasks\RETRER Ripper => C:\Windows\system32\rundll32.exe "C:\Program Files\RETRER Ripper\RETRER Ripper.dll",MUBsiKPVyx <==== UWAGA
    Task: {F3B03B96-CF6A-4527-A5E2-969967F3661D} - System32\Tasks\{78857D35-6E14-4F7D-AC7B-1652463D6D98} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AIMP Classic\UnInstall.exe"
    Task: {F97B8EA0-170F-4B31-B921-1AC621B3E33C} - System32\Tasks\Opera scheduled Autoupdate 1498636203 => C:\Users\Dom\AppData\Local\Programs\Opera\launcher.exe [2017-07-11] (Opera Software)
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\Run: [mailruhomesearch] => "C:\Users\Dom\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\Run: [SteamServerBrowser] => C:\Gry\Counter-Strike 1.6 v43\SteamServerBrowser\SteamServerBrowser.exe [206848 2017-01-10]
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {7ccb372d-5c2f-11e7-ae1f-74d4355b1d4b} - G:\autorun.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {7e7801a4-a8cb-11e6-873d-74d4355b1d4b} - F:\setup.exe
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\...\MountPoints2: {afb3f0ad-3bd4-11e7-bb26-74d4355b1d4b} - F:\Startme.exe
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=818407
    SearchScopes: HKLM-x32 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap...d=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3905996800-3678964233-3619516002-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BC49F9172-0C49-42A0-BA68-BA457176D035%7D&gp=811041
    FF user.js: detected! => C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\user.js [2017-06-29]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\weqe78fe.default -> Поиск@Mail.Ru
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\weqe78fe.default -> Поиск@Mail.Ru
    FF Homepage: Mozilla\Firefox\Profiles\weqe78fe.default -> hxxps://www.google.pl/?gws_rd=ssl
    FF Keyword.URL: Mozilla\Firefox\Profiles\weqe78fe.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4E...-1D9C-4700-A745-C52847A4FF4C%7D&gp=811041
    FF Extension: (Tables) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\378507@extcorp.net.xpi [2017-06-24]
    FF Extension: (Fast search) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\weqe78fe.default\Extensions\amcontextmenu@loucypher [2017-07-10]
    CHR HomePage: Default -> mail.ru
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-06-28]
    CHR Extension: (Cookies On-Off) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-27]
    CHR Extension: (Tables) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-10]
    CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-06-28]
    CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-06-28]
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-06-29]
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3905996800-3678964233-3619516002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [epgjfmblhacacphaljkdcjllkomdcjpc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Tables) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-07-10]
    OPR Extension: (Fast search) - C:\Users\Dom\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-07-10]
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe" [X]
    2017-07-14 08:30 - 2017-07-14 08:30 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair (2).exe
    2017-07-14 08:28 - 2017-07-14 08:28 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair (1).exe
    2017-07-10 23:22 - 2017-07-15 20:11 - 00000150 _____ C:\Windows\Reimage.ini
    2017-07-10 23:22 - 2017-07-10 23:22 - 00604928 _____ (Reimage) C:\Users\Dom\Downloads\ReimageRepair.exe
    2017-07-10 15:44 - 2017-07-10 15:46 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-07-10 08:41 - 2017-07-10 08:41 - 00000000 ____D C:\Users\Dom\AppData\Roaming\BrowserModule
    2017-07-10 08:40 - 2017-07-12 18:53 - 00016712 _____ C:\Windows\System32\Tasks\RETRER Ripper
    2017-07-10 08:39 - 2017-07-10 08:42 - 00000000 ____D C:\Users\Dom\Desktop\Driver_Genius_17_Activation_key_2017
    2017-07-10 08:29 - 2017-07-10 08:29 - 00000000 ____D C:\ProgramData\Driver-Soft
    2017-07-10 08:24 - 2017-07-10 08:24 - 14490352 _____ (Driver-Soft Inc. ) C:\Users\Dom\Desktop\DG_Setup.exe
    2017-07-09 22:09 - 2017-07-09 22:09 - 00003122 _____ C:\Windows\System32\Tasks\{5426126A-E6AC-43F9-A855-1CFEC650A1D7}
    2017-07-06 12:40 - 2017-07-06 12:40 - 00003036 _____ C:\Windows\System32\Tasks\{EFA9D79D-81E3-4FF8-8508-0C69403C9E75}
    2017-07-06 11:23 - 2017-07-06 11:23 - 00003036 _____ C:\Windows\System32\Tasks\{CF45C94E-E875-4DF6-8CF1-96961E3D3FD4}
    2017-06-28 10:21 - 2017-06-28 10:22 - 00003630 _____ C:\Windows\System32\Tasks\mynewsforneteghsm
    2017-06-28 09:53 - 2017-06-28 09:53 - 00000000 ____D C:\Users\Dom\Documents\PC Speed Maximizer
    2017-06-28 09:50 - 2017-07-14 14:15 - 00004108 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498636203
    2017-06-28 09:47 - 2017-06-28 09:47 - 00000000 ____D C:\Program Files (x86)\Booking
    2017-06-28 09:46 - 2017-07-14 08:36 - 00000000 ____D C:\ProgramData\BOINC
    2017-06-28 09:45 - 2017-06-30 19:25 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
    2017-07-15 20:55 - 2017-05-03 15:33 - 00000000 ____D C:\ProgramData\McAfee
    2017-07-14 21:27 - 2017-05-03 15:45 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-07-12 18:59 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\RETRER Ripper
    2017-07-06 08:39 - 2017-05-03 15:45 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-12-04 21:30 - 2016-12-04 21:30 - 0568240 _____ () C:\Users\Dom\AppData\Roaming\gameboxsetup.exe
    EmptyTemp:

    After running it, post the new Fixlog and new scan logs.

    0
  • Helpful post
    #11 15 Jul 2017 23:47
    Kolobos
    Computer specialist

    New Fixlist.txt:
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR NewTab: Default -> Not-active:"chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html", Not-active:"chrome-extension://epgjfmblhacacphaljkdcjllkomdcjpc/visual-bookmarks.html", Not-active:"chrome-extension://iinglghmhcgdgjjlafobajghjamdchik/newtab.html"
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-06-28]
    CHR Extension: (Cookies On-Off) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-27]
    CHR Extension: (Tables) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-10]
    CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-06-28]
    CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-06-28]
    CHR Extension: (Mail.Ru) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-06-29]
    2017-07-15 21:00 - 2017-07-15 21:00 - 00000000 ____D C:\Users\Dom\Desktop\FRST-OlderVersion
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd

    After running it, post new scan logs.

    0
  • Helpful post
    #13 16 Jul 2017 08:40
    Kolobos
    Computer specialist

    Good, but not everything was removed.

    Delete the C:\FRST folder and that's all.

    0
  • #14 16 Jul 2017 10:19
    Patrykos2838
    Level 3

    Thanks, none of the earlier ads are there anymore!
    I didn't expect to get all these answers so quickly.

    0