Elektroda.pl

Safefinder - request for log analysis

Mixair 09 Dec 2017 03:10 282 4
  • #1 09 Dec 2017 03:10
    Mixair
    Level 2

    Hello.

    I have a problem removing the Safefinder program. I read that a report should be made with Farbar Recovery Scan Tool; the log is attached.

    Please help me solve the problem.

    FRST.txt (70.85 kB)

  • #2 09 Dec 2017 07:35
    krzychupar
    Level 40

    And where is the Addition.txt log?

  • Helpful post
    #4 09 Dec 2017 14:33
    Kolobos
    Computer specialist

    This is how mindlessly downloading cracks and activators ends...

    Run Fixlist.txt for FRST:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA

    Uninstall Online Application after running it.

    In the Chrome settings, turn off restoring a set of pages when the browser starts.

    Use AdwCleaner, the Scan/Szukaj and Clean/Usun options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run the next Fixlist.txt for FRST:
    CloseProcesses:
    Task: {071A2CC7-919B-43E1-9DAA-72A63F666208} - System32\Tasks\jVVcebPoCjhHKmi2 => rundll32 "C:\Program Files (x86)\ExRIRmygU\qcaBEj.dll",#1
    Task: {141C916A-00AF-432D-B57D-6AB318CC2D10} - System32\Tasks\jVVcebPoCjhHKmi => rundll32 "C:\Program Files (x86)\ExRIRmygU\qcaBEj.dll",#1
    Task: {23561395-0D7F-4310-A035-A5451312C6DF} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {31150C09-4339-4C98-91CC-81B6C8B32CF2} - \boQbXxbEJPaDgWztw2 -> Brak pliku <==== UWAGA
    Task: {33295FE4-4B82-4006-B934-2DAA2CBC426E} - System32\Tasks\BmHhCekqquvtRi => rundll32 "C:\Program Files (x86)\vknAtWNPMhpU2\jqkcfauBrEijQ.dll",#1
    Task: {42B9ABA4-A616-4937-8241-EA9D224E56FE} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://windowsdefender.site/warning/download.php?mn=5623" <==== UWAGA
    Task: {60886DA3-5D68-4AF6-9C2F-F45730F7FDEE} - \boQbXxbEJPaDgWztw -> Brak pliku <==== UWAGA
    Task: {6D58D552-430A-4B6E-82EA-C9FD23A4A1C3} - System32\Tasks\AMD ThankingURL => "" [Argument = -LAUNCHTHQURL]
    Task: {83872FA9-E493-47C6-A609-104201E21813} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {8465172D-0DC2-4BB9-BA8B-15A2B9B926F6} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {8B038B61-889D-4DC7-8ECA-2022245C9F10} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {92379692-09CC-4A5F-80EB-3136434924CE} - System32\Tasks\space(title, t_monitor) => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
    Task: {9EEF7797-343E-41CA-99F4-77ADA9B2FB4C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
    Task: {A6B7A9BE-C7F1-416B-8653-D25D0EF57C5E} - System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\fastdatax.exe [2017-12-08] () <==== UWAGA
    Task: {DB9B23E1-A5DE-4E3B-A9DE-B583B027D8E0} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
    Task: {F9F32611-ACEB-4259-8E81-BF34BDD16897} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: C:\Windows\Tasks\boQbXxbEJPaDgWztw.job => C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\pIeWXTi.dll
    Task: C:\Windows\Tasks\jVVcebPoCjhHKmi.job => C:\Program Files (x86)\ExRIRmygU\qcaBEj.dll
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Niko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    2017-12-08 23:05 - 2017-11-06 08:32 - 000014848 _____ () C:\ProgramData\tiser\run.exe
    2017-12-08 23:04 - 2017-12-08 23:04 - 000342528 _____ () C:\ProgramData\Quoteex\Silflex.dll
    2017-11-02 11:51 - 2017-11-02 11:51 - 000199864 _____ () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\ProgramData\tiser\run.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    HKLM\...\Run: [SERVICE] => [X]
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282384 2015-03-22] (Filefacts.net)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-1337677906-501067775-1895579387-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-1337677906-501067775-1895579387-1000\...\MountPoints2: {b0d091f3-a22f-11e6-be04-c860006ea5ff} - F:\stp-grw.exe
    AppInit_DLLs: C:\ProgramData\Quoteex\Silflex.dll => C:\ProgramData\Quoteex\Silflex.dll [342528 2017-12-08] ()
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Medstrong.dll => C:\ProgramData\Quoteex\Medstrong.dll [460800 2017-12-08] ()
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1337677906-501067775-1895579387-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKU\S-1-5-21-1337677906-501067775-1895579387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKU\S-1-5-21-1337677906-501067775-1895579387-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...KItTUi6ZTrVuBN5VadBk6baJb_ypEvAKMpjtU,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1337677906-501067775-1895579387-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1337677906-501067775-1895579387-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1337677906-501067775-1895579387-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...KItTUi6ZTrVuBN5VadBk6baJb_ypEvAKMpjtU,&q={searchTerms}
    BHO-x32: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2017-12-08] [Brak podpisu cyfrowego]
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...NKQB9RvsOqpQPuwG7g53wvpf3XX160VyNLRIRJvEdZIQ,,
    CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1393887950&from=cor&uid=ST31500341AS_9VS14PNFXXXX9VS14PNF","hxxp://www.goglogo.com/s.asp?lo=Wujek%20Google"
    CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...rjwobs8zpKLmWfwjRGD_ww5cHQC7SI1Kr5N_0,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default [2017-12-09]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbfmjahlfpihaicncgoelafnpcldkpo [2017-12-08]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcfacnnehocmoflhdppolgdiodnclfig [2017-12-09]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    S4 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-12-08] () [Brak podpisu cyfrowego] <==== UWAGA
    S4 HNService; C:\Users\Niko\AppData\Local\AdService\AdService.dll [711168 2017-12-08] () [Brak podpisu cyfrowego]
    R2 tiser; C:\ProgramData\tiser\run.exe [14848 2017-11-06] () [Brak podpisu cyfrowego]
    S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a
    U3 a9qczdok; C:\Windows\System32\Drivers\a9qczdok.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 GPU-Z; \??\C:\Users\Niko\AppData\Local\Temp\GPU-Z.sys [X] <==== UWAGA
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    2017-12-09 01:04 - 2017-12-09 01:18 - 000000150 _____ C:\Windows\Reimage.ini
    2017-12-09 01:04 - 2017-12-09 01:04 - 000605424 _____ (Reimage) C:\Users\Niko\Downloads\ReimageRepair.exe
    2017-12-08 23:07 - 2017-12-08 23:07 - 000000266 __RSH C:\Users\Niko\ntuser.pol
    2017-12-08 23:06 - 2017-12-08 23:06 - 000000000 ____D C:\ProgramData\Microleaves
    2017-12-08 23:05 - 2017-12-09 01:46 - 000000308 _____ C:\Windows\Tasks\boQbXxbEJPaDgWztw.job
    2017-12-08 23:05 - 2017-12-09 01:46 - 000000000 ____D C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER
    2017-12-08 23:05 - 2017-12-08 23:20 - 000000000 ____D C:\Program Files (x86)\gVEKLTxUjIE
    2017-12-08 23:05 - 2017-12-08 23:19 - 000000000 ____D C:\Program Files (x86)\FpGcSjfNZDUn
    2017-12-08 23:05 - 2017-12-08 23:05 - 000003060 _____ C:\Windows\System32\Tasks\BmHhCekqquvtRi
    2017-12-08 23:05 - 2017-12-08 23:05 - 000002706 _____ C:\Windows\System32\Tasks\jVVcebPoCjhHKmi2
    2017-12-08 23:05 - 2017-12-08 23:05 - 000000000 ____D C:\ProgramData\tiser
    2017-12-08 23:05 - 2017-12-08 23:05 - 000000000 ____D C:\Program Files (x86)\vknAtWNPMhpU2
    2017-12-08 23:05 - 2017-12-08 23:05 - 000000000 ____D C:\Program Files (x86)\ExRIRmygU
    2017-12-08 23:04 - 2017-12-09 01:45 - 000000286 _____ C:\Windows\Tasks\jVVcebPoCjhHKmi.job
    2017-12-08 23:04 - 2017-12-08 23:05 - 000266330 _____ C:\ProgramData\_tmp.exe
    2017-12-08 23:04 - 2017-12-08 23:05 - 000002560 _____ C:\Windows\System32\Tasks\jVVcebPoCjhHKmi
    2017-12-08 23:04 - 2017-12-08 23:04 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
    2017-12-08 23:04 - 2017-12-08 23:04 - 000004178 __RSH C:\ProgramData\ntuser.pol
    2017-12-08 23:04 - 2017-12-08 23:04 - 000003566 _____ C:\Windows\System32\Tasks\FastDataX Task
    2017-12-08 23:04 - 2017-12-08 23:04 - 000003310 _____ C:\Windows\System32\Tasks\space(title, t_monitor)
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\Quoteexs
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\9aaed45e-7773-0
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\9aaed45e-66c5-1
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\24b70e9a-7353-0
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\24b70e9a-1077-1
    2017-12-08 23:04 - 2017-12-08 23:04 - 000000000 ____D C:\Program Files (x86)\FastDataX
    2017-12-08 23:03 - 2017-12-08 23:24 - 000000000 ____D C:\ProgramData\Quoteex
    2017-12-08 23:03 - 2017-12-08 23:04 - 000930816 _____ C:\Users\Niko\AppData\Local\po.db
    2017-12-08 23:03 - 2017-12-08 23:04 - 000000000 ____D C:\ProgramData\Logic Cramble
    2017-12-08 23:03 - 2017-12-08 23:03 - 007561216 _____ C:\Users\Niko\AppData\Local\agent.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 001980843 _____ C:\Users\Niko\AppData\Local\Ventofind.tst
    2017-12-08 23:03 - 2017-12-08 23:03 - 001895381 _____ C:\Users\Niko\AppData\Local\Re-Hold.bin
    2017-12-08 23:03 - 2017-12-08 23:03 - 000278507 _____ C:\Users\Niko\AppData\Local\Newfax.tst
    2017-12-08 23:03 - 2017-12-08 23:03 - 000140800 _____ C:\Users\Niko\AppData\Local\installer.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000126464 _____ C:\Users\Niko\AppData\Local\noah.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000070800 _____ C:\Users\Niko\AppData\Local\Config.xml
    2017-12-08 23:03 - 2017-12-08 23:03 - 000018432 _____ C:\Users\Niko\AppData\Local\Main.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000016416 _____ C:\Users\Niko\AppData\Local\InstallationConfiguration.xml
    2017-12-08 23:03 - 2017-12-08 23:03 - 000005568 _____ C:\Users\Niko\AppData\Local\md.xml
    2017-12-08 23:03 - 2017-12-08 23:02 - 001814528 _____ (TODO: <Company name>) C:\Users\Niko\AppData\Local\Ventofind.exe
    2017-12-08 23:03 - 2017-12-08 23:02 - 001814528 _____ (TODO: <Company name>) C:\Users\Niko\AppData\Local\Newfax.exe
    2017-12-08 23:02 - 2017-12-09 02:30 - 000000342 _____ C:\Windows\Tasks\Online Application V2G6.job
    2017-12-08 23:02 - 2017-12-09 02:30 - 000000342 _____ C:\Windows\Tasks\Online Application V2G5.job
    2017-12-08 23:02 - 2017-12-09 02:30 - 000000342 _____ C:\Windows\Tasks\Online Application V2G4.job
    2017-12-08 23:02 - 2017-12-09 02:26 - 000000342 _____ C:\Windows\Tasks\Online Application V2G3.job
    2017-12-08 23:02 - 2017-12-09 02:26 - 000000342 _____ C:\Windows\Tasks\Online Application V2G2.job
    2017-12-08 23:02 - 2017-12-09 02:26 - 000000342 _____ C:\Windows\Tasks\Online Application V2G1.job
    2017-12-08 23:02 - 2017-12-08 23:35 - 000000000 ____D C:\WinSys
    2017-12-08 23:02 - 2017-12-08 23:23 - 000000000 ____D C:\Applications
    2017-12-08 23:02 - 2017-12-08 23:07 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G6
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G5
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G4
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
    2017-12-08 23:02 - 2017-12-08 23:03 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
    2017-12-08 23:02 - 2017-12-08 23:02 - 000000000 ____D C:\Users\Niko\AppData\Roaming\Microleaves
    2017-12-08 23:02 - 2017-12-08 23:02 - 000000000 ____D C:\Users\Niko\AppData\Local\AdvinstAnalytics
    2017-12-08 23:02 - 2017-12-08 23:02 - 000000000 ____D C:\Program Files (x86)\Microleaves
    2017-12-08 23:01 - 2017-12-08 23:01 - 000000000 ____D C:\Users\Niko\AppData\Local\AdService
    2017-12-08 23:00 - 2017-12-08 23:08 - 000000000 ____D C:\Windows\System32\Tasks\Windows
    2017-12-08 23:00 - 2017-12-08 23:01 - 000003530 _____ C:\Windows\System32\Tasks\PPI Update
    2017-12-08 22:57 - 2017-12-08 22:58 - 001370484 _____ C:\Users\Niko\Downloads\Removewat 2.2.7 pass 123456.rar
    2017-12-08 23:04 - 2017-12-08 23:05 - 000266330 _____ () C:\ProgramData\_tmp.exe
    2017-12-08 23:03 - 2017-12-08 23:03 - 007561216 _____ () C:\Users\Niko\AppData\Local\agent.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000070800 _____ () C:\Users\Niko\AppData\Local\Config.xml
    2017-12-08 23:03 - 2017-12-08 23:03 - 000016416 _____ () C:\Users\Niko\AppData\Local\InstallationConfiguration.xml
    2017-12-08 23:03 - 2017-12-08 23:03 - 000140800 _____ () C:\Users\Niko\AppData\Local\installer.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000018432 _____ () C:\Users\Niko\AppData\Local\Main.dat
    2017-12-08 23:03 - 2017-12-08 23:03 - 000005568 _____ () C:\Users\Niko\AppData\Local\md.xml
    2017-12-08 23:03 - 2017-12-08 23:02 - 001814528 _____ (TODO: <Company name>) C:\Users\Niko\AppData\Local\Newfax.exe
    2017-12-08 23:03 - 2017-12-08 23:03 - 000278507 _____ () C:\Users\Niko\AppData\Local\Newfax.tst
    2017-12-08 23:03 - 2017-12-08 23:03 - 000126464 _____ () C:\Users\Niko\AppData\Local\noah.dat
    2017-12-08 23:03 - 2017-12-08 23:04 - 000930816 _____ () C:\Users\Niko\AppData\Local\po.db
    2017-12-08 23:03 - 2017-12-08 23:03 - 001895381 _____ () C:\Users\Niko\AppData\Local\Re-Hold.bin
    2017-08-16 09:07 - 2017-08-16 09:07 - 000002566 _____ () C:\Users\Niko\AppData\Local\recently-used.xbel
    2017-12-08 23:04 - 2017-12-08 23:04 - 000032038 _____ () C:\Users\Niko\AppData\Local\uninstall_temp.ico
    2017-12-08 23:03 - 2017-12-08 23:02 - 001814528 _____ (TODO: <Company name>) C:\Users\Niko\AppData\Local\Ventofind.exe
    2017-12-08 23:03 - 2017-12-08 23:03 - 001980843 _____ () C:\Users\Niko\AppData\Local\Ventofind.tst
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

  • #5 09 Dec 2017 15:17
    Mixair
    Level 2

    Thank you very much for the help; I think everything is fine now.
