
[Solved] Removing Safefinder from a computer (Win 7)

adam199222 23 Mar 2018 11:04 576 8
  • #1 23 Mar 2018 11:04
    adam199222
    Level 2  

    Hello,

    I know there are already plenty of similar threads, but even after reading through them I still don't know how to create a fix file in "FRST". The bug is still sitting in Chrome (I somehow got it out of IE).

    I have cc - cleaning the registry did nothing.
    I deleted all files on the computer related to "safefinder".
    I can't install anti-malware because a message pops up saying the administrator has prohibited it.

    Please help, tell me what to do step by step; I'm attaching the FRST logs. Regards

    0 8
  • #3 23 Mar 2018 11:23
    Kolobos
    Computer specialist

    Use AdwCleaner and remove whatever it detects.

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {02210E04-C256-4FC9-A165-A45698FF6736} - System32\Tasks\psv_Geohome => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Jobin.reg" & del "C:\ProgramData\Subair\Jobin.reg" & SCHTASKS /Delete /TN "psv_Geohome" /F <==== UWAGA
    Task: {044AFE69-34B4-4DC9-BDAA-E144481B8E43} - System32\Tasks\JPEG Link Collector => C:\Windows\system32\rundll32.exe "C:\Program Files\JPEG Link Collector\JPEG Link Collector.dll",FdztnILeQsrI <==== UWAGA
    Task: {19F3B099-579D-48E8-BA95-025802DB8077} - System32\Tasks\psv_StanSonfax => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Overcore.reg" & del "C:\ProgramData\Subair\Overcore.reg" & SCHTASKS /Delete /TN "psv_StanSonfax" /F <==== UWAGA
    Task: {222EFAED-F80E-40E7-8B6D-DEDDBAC92580} - System32\Tasks\{E2058B09-D259-4F75-B3D8-F327DA8815C6} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {2CCDAAB4-2918-45E3-BB1C-583246C3C7D0} - System32\Tasks\{B2A67DBF-5B15-4E97-9FED-04272A03B6F8} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {38EF6BFD-76A5-4A4A-8826-0E988B7F86DB} - System32\Tasks\{C662DC5E-F285-4FEF-A5A8-702C76DBD3B5} => C:\Windows\system32\pcalua.exe -a "D:\desperados\VMware Workstation 12 Pro v12.5.0 build 4352439 Final x64\VMware-workstation-full-12.5.0-4352439.exe" -d "D:\desperados\VMware Workstation 12 Pro v12.5.0 build 4352439 Final x64"
    Task: {43723DCC-EC5F-45C1-A0C5-E5C87E4154B5} - System32\Tasks\{462AB31B-903D-4910-8193-1DBDF57F1CA2} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {438EE22F-2624-451C-97A4-D6203179340A} - System32\Tasks\{0EACE4A0-C9DD-4B85-ACE4-A3EA5EC81042} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {4DE97DBA-2FBE-4F99-BF3E-F9A484F30B5F} - System32\Tasks\{3FDDED8E-A4A1-4EF0-8B2C-9059FCF325CF} => C:\Windows\system32\pcalua.exe -a "C:\drivers\Touchpad driver (Synaptics, Elan)\DriverSetup.exe" -d "C:\drivers\Touchpad driver (Synaptics, Elan)"
    Task: {4FBC1B48-E989-4AC8-BF54-3ED0A2F2A43A} - System32\Tasks\psv_Kin-Tom => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Betaron.reg" & del "C:\ProgramData\Subair\Betaron.reg" & SCHTASKS /Delete /TN "psv_Kin-Tom" /F <==== UWAGA
    Task: {52A88DF9-54CA-4C0A-B4C5-A07C1A02AD21} - System32\Tasks\{A0CC00F2-C24B-4C47-985E-977342F92BB6} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {59527045-2DF5-446A-8983-0D08900A23C4} - System32\Tasks\{BA48EAD9-E0A0-48F9-95F5-C992B292BB7F} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {745BFDA2-743F-44E5-A286-109043E57B4B} - System32\Tasks\psv_Keylab => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\BamFresh.reg" & del "C:\ProgramData\Subair\BamFresh.reg" & SCHTASKS /Delete /TN "psv_Keylab" /F <==== UWAGA
    Task: {760FDAC7-F2D8-4908-87D2-E048C3E13D5B} - System32\Tasks\{20FBADB1-ED70-4E54-A653-2C65D131788B} => C:\Windows\system32\pcalua.exe -a "C:\drivers\Bluetooth Driver(Intel, Realtek, Qualcomm)\Setup.exe" -d "C:\drivers\Bluetooth Driver(Intel, Realtek, Qualcomm)"
    Task: {7CDC9DEF-7551-4A3C-9B0C-2FF3C600806A} - System32\Tasks\{7B18002E-EB2D-4E4C-BF41-CA733B2426B8} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {921299E3-49D3-44F1-A34D-8AF032E02268} - System32\Tasks\{AEB0BDBB-2464-41E2-B5BE-4CE9354A5B05} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {A157C46B-1D6E-43C1-90C5-8C9B3F00B532} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {BFB565DD-6F39-401C-8C35-85BCE46945A1} - System32\Tasks\{D2798139-A767-4AE2-B4D7-D89AF6EC554B} => C:\Windows\SysWOW64\OUMUyTxvp.exe [1623-04-04] (Microsoft Corporation)
    Task: {C9DBC8FB-F74E-401C-B0FE-8B71E29EFC6B} - System32\Tasks\{0859E465-BECE-4C86-A191-8603166D75EC} => C:\Users\Adam\AppData\Roaming\aiJieTyi.exe [1623-04-04] (Microsoft Corporation) <==== UWAGA
    Task: {CC319752-05C0-4958-8CC7-E82026B1DB8E} - System32\Tasks\psv_Singcore => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\RankKaycore.reg" & del "C:\ProgramData\Subair\RankKaycore.reg" & SCHTASKS /Delete /TN "psv_Singcore" /F <==== UWAGA
    Task: {CDE5E516-F173-4261-B9EE-B86706696721} - System32\Tasks\{466B2562-5B78-49EA-A9F5-9D99ED7C3F2A} => C:\Users\Adam\Desktop\firma\fpp390.exe
    Task: {EEF8DF97-9500-439C-A565-B97D603AB029} - System32\Tasks\{94E0C62E-0232-48BA-8360-81F799406F80} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Goldfan\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Goldfan\uninstall.dat" -a uninstallme 466411A0-8F79-4049-BE65-C0C4D5FD9157 DeviceId=2a460ca4-286f-9c9a-cb28-f14aae618304 BarcodeId=51749003 ChannelId=3 DistributerName=APSFBcnmonetize
    ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    Hosts:
    () C:\Windows\Temp\g736B.tmp.exe
    (www.xmrig.com) C:\Users\Adam\AppData\Local\Temp\xmrig.exe
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    AppInit_DLLs: C:\ProgramData\AppriabuS\Freshity.dll => C:\ProgramData\AppriabuS\Freshity.dll [342528 2018-03-22] ()
    ShellExecuteHooks: Brak nazwy - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [904704 2018-03-13] ()
    GroupPolicy: Ograniczenia <==== UWAGA
    ProxyServer: [S-1-5-21-3927086866-3648836543-2810317994-1000] => http=;ftp=;https=;
    RemoveProxy:
    HKU\S-1-5-21-3927086866-3648836543-2810317994-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...LwpSppf-6bPvtkUqTOQNjxD0fUAZt_ypKumg,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...LwpSppf-6bPvtkUqTOQNjxD0fUAZt_ypKumg,,&q={searchTerms}
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    FF Homepage: Mozilla\Firefox\Profiles\tmp1s821.default-1510046374873 -> C:\ProgramData\AppriabuSs\ff.HP
    FF NewTab: Mozilla\Firefox\Profiles\tmp1s821.default-1510046374873 -> C:\ProgramData\AppriabuSs\ff.NT
    FF SearchPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\tmp1s821.default-1510046374873\searchplugins\findit.xml [2018-03-22]
    FF Extension: (__MSG_appName__) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2018-03-22] [Brak podpisu cyfrowego]
    C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\3323632.js [2017-10-31] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\3323632.cfg [2017-10-31] <==== UWAGA
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...saPXDmQ8_xHc3idLQLb0N-K7kczuoEAWmsdy-Nke-Ww,,,,
    CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...beXjHZTaQ04KV2jUjmJqZJk42bzP3avnqU-Q,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    S2 AppriabuS; C:\ProgramData\\AppriabuS\\AppriabuS.exe shuz -f "C:\ProgramData\\AppriabuS\\AppriabuS.dat" -l -a
    S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [X] <==== UWAGA
    U3 aswbdisk; Brak ImagePath
    S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
    2018-03-22 20:41 - 2018-03-22 20:41 - 000000000 ____D C:\ProgramData\AppriabuSs
    2018-03-22 20:40 - 2018-03-23 04:42 - 000000000 ____D C:\ProgramData\AppriabuS
    2018-03-22 20:33 - 2018-03-22 20:33 - 000003584 _____ C:\Windows\System32\Tasks\{94E0C62E-0232-48BA-8360-81F799406F80}
    2018-03-22 20:31 - 2018-03-22 20:31 - 000003258 _____ C:\Windows\System32\Tasks\psv_Keylab
    2018-03-22 20:31 - 2018-03-22 20:31 - 000003256 _____ C:\Windows\System32\Tasks\psv_Kin-Tom
    2018-03-22 20:31 - 2018-03-22 20:31 - 000003248 _____ C:\Windows\System32\Tasks\psv_Geohome
    2018-03-22 20:30 - 2018-03-23 04:42 - 000000000 ____D C:\ProgramData\Logic Cramble
    2018-03-22 20:30 - 2018-03-22 20:41 - 000015611 _____ C:\Windows\SysWOW64\findit.xml
    2018-03-22 20:30 - 2018-03-22 20:31 - 000000000 ____D C:\ProgramData\Subairs
    2018-03-22 20:30 - 2018-03-22 20:30 - 007595520 _____ C:\Users\Adam\AppData\Local\agent.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 001985882 _____ C:\Users\Adam\AppData\Local\Treseco.tst
    2018-03-22 20:30 - 2018-03-22 20:30 - 000126464 _____ C:\Users\Adam\AppData\Local\noah.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 000070896 _____ C:\Users\Adam\AppData\Local\Config.xml
    2018-03-22 20:30 - 2018-03-22 20:30 - 000018432 _____ C:\Users\Adam\AppData\Local\Main.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 000005568 _____ C:\Users\Adam\AppData\Local\md.xml
    2018-03-22 20:30 - 2018-03-22 20:30 - 000003274 _____ C:\Windows\System32\Tasks\psv_Singcore
    2018-03-22 20:30 - 2018-03-22 20:30 - 000003266 _____ C:\Windows\System32\Tasks\psv_StanSonfax
    2018-03-22 20:30 - 2018-03-22 20:30 - 000000000 ____D C:\Users\Adam\AppData\Roaming\FastDataX
    2018-03-22 20:29 - 2018-03-23 10:02 - 000016740 _____ C:\Windows\System32\Tasks\JPEG Link Collector
    2018-03-22 20:29 - 2018-03-23 07:21 - 000000266 __RSH C:\ProgramData\ntuser.pol
    2018-03-22 20:29 - 2018-03-22 21:18 - 000000000 ____D C:\ProgramData\PrefsSecure
    2018-03-22 20:26 - 2018-03-23 04:42 - 000000000 ____D C:\Users\Adam\AppData\Local\e934fa7b48b345a2ad6bb074b1edde11
    2018-03-22 20:24 - 2018-03-22 20:24 - 000000000 ____D C:\Users\Adam\AppData\Roaming\SystemHealer
    2018-03-22 20:23 - 2018-03-22 20:41 - 000930816 _____ C:\Users\Adam\AppData\Local\po.db
    2018-03-22 20:23 - 2018-03-22 20:28 - 000016080 _____ C:\Users\Adam\AppData\Local\InstallationConfiguration.xml
    2018-03-22 20:23 - 2018-03-22 20:23 - 000140800 _____ C:\Users\Adam\AppData\Local\installer.dat
    2018-03-22 20:21 - 2018-03-23 04:42 - 000000000 ____D C:\Users\Adam\AppData\Roaming\7ae9906c18094f2d84cfe76ad9b86518
    2018-03-22 20:21 - 2018-03-23 04:42 - 000000000 ____D C:\ProgramData\cbcc3d7e09d5424fbba8ac132b6f79f9
    2018-03-22 20:21 - 2018-03-23 04:42 - 000000000 ____D C:\ProgramData\2e6a7b1feedd4fac9e97e2ca767f0219
    2018-03-22 20:21 - 2018-03-23 04:42 - 000000000 ____D C:\Program Files (x86)\screenrecorder
    2018-03-22 20:21 - 2018-03-22 21:58 - 000000000 ____D C:\Users\Adam\AppData\Local\78e132a74639427189f5414fac509b3c
    2018-03-22 20:21 - 2018-03-22 21:46 - 000000000 ____D C:\ProgramData\69c3a47f36a04aac82b214f3339bac0c
    2018-03-22 20:21 - 2018-03-22 20:21 - 000000000 ____D C:\Users\Adam\AppData\Roaming\aec5f9de114445c0b445a8c559a5ed18
    2018-03-22 20:21 - 2018-03-22 20:21 - 000000000 ____D C:\Program Files\My Program
    2018-03-22 20:21 - 2018-03-13 06:19 - 000904704 _____ C:\Windows\system32\mcicda64.dll
    2018-03-22 20:20 - 2018-03-22 20:20 - 000003648 _____ C:\Windows\System32\Tasks\{0859E465-BECE-4C86-A191-8603166D75EC}
    2018-03-22 20:20 - 2018-03-22 20:20 - 000003440 _____ C:\Windows\System32\Tasks\{D2798139-A767-4AE2-B4D7-D89AF6EC554B}
    2018-03-22 20:20 - 2018-03-22 20:20 - 000000003 _____ C:\Users\Adam\AppData\Local\wbem.ini
    2018-03-22 20:19 - 2018-03-22 20:19 - 000000000 ____D C:\Users\Adam\AppData\Local\FastDataX
    2018-03-22 20:19 - 2018-03-22 20:19 - 000000000 _____ C:\Users\Adam\AppData\Roaming\am10.tmp
    1623-04-04 12:34 - 1623-04-04 12:34 - 000073216 ____N (Microsoft Corporation) C:\Users\Adam\AppData\Roaming\aiJieTyi.exe
    2018-03-22 20:19 - 2018-03-22 20:19 - 000000000 _____ () C:\Users\Adam\AppData\Roaming\am10.tmp
    2018-03-03 13:37 - 2018-03-04 13:35 - 366870165 _____ () C:\Users\Adam\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
    2018-03-03 13:37 - 2018-03-04 13:35 - 000004029 _____ () C:\Users\Adam\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
    2018-03-22 20:30 - 2018-03-22 20:30 - 007595520 _____ () C:\Users\Adam\AppData\Local\agent.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 000070896 _____ () C:\Users\Adam\AppData\Local\Config.xml
    2018-03-22 20:23 - 2018-03-22 20:28 - 000016080 _____ () C:\Users\Adam\AppData\Local\InstallationConfiguration.xml
    2018-03-22 20:23 - 2018-03-22 20:23 - 000140800 _____ () C:\Users\Adam\AppData\Local\installer.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 000018432 _____ () C:\Users\Adam\AppData\Local\Main.dat
    2018-03-22 20:30 - 2018-03-22 20:30 - 000005568 _____ () C:\Users\Adam\AppData\Local\md.xml
    2018-03-22 20:30 - 2018-03-22 20:30 - 000126464 _____ () C:\Users\Adam\AppData\Local\noah.dat
    2018-03-22 20:23 - 2018-03-22 20:41 - 000930816 _____ () C:\Users\Adam\AppData\Local\po.db
    2018-03-22 20:30 - 2018-03-22 20:30 - 001985882 _____ () C:\Users\Adam\AppData\Local\Treseco.tst
    2018-03-22 20:31 - 2018-03-22 20:31 - 000032038 _____ () C:\Users\Adam\AppData\Local\uninstall_temp.ico
    2018-03-22 20:20 - 2018-03-22 20:20 - 000000003 _____ () C:\Users\Adam\AppData\Local\wbem.ini
    EmptyTemp:

    After running it, do a full scan with mbam and remove whatever it detects.

    Finally, post new FRST logs from a scan.


    @PITERRR those are not programs, but a block set by the infection. The author doesn't have even a single antivirus. I don't know why you look through these logs when you don't know what they're about anyway.

    0
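
Added example, not part of the original thread: a Python sketch that reads FRST-format lines like those in the Fixlist above and summarizes the block Kolobos mentions (security vendors listed under DisallowedCertificates) together with the tasks whose command silently imports a .reg file. The sample lines are copied from the post; the function names and regular expressions are this example's own assumptions about the line format.

```python
import re
from collections import defaultdict

# Lines copied from the Fixlist posted above (FRST log format).
SAMPLE = r'''
Task: {02210E04-C256-4FC9-A165-A45698FF6736} - System32\Tasks\psv_Geohome => cmd.exe /c regedit.exe /s "C:\ProgramData\Subair\Jobin.reg" & del "C:\ProgramData\Subair\Jobin.reg" & SCHTASKS /Delete /TN "psv_Geohome" /F <==== UWAGA
Task: {A157C46B-1D6E-43C1-90C5-8C9B3F00B532} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
'''

# Assumed line shapes, derived only from the entries visible in this thread.
CERT_RE = re.compile(r"^HKLM\\ DisallowedCertificates: ([0-9A-Fa-f]{40}) \((.*)\)\s*(?:<====.*)?$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (.+?) => (.+?)\s*(?:<====.*)?$")
REG_IMPORT_RE = re.compile(r'regedit(?:\.exe)?\s+/s\s+"([^"]+\.reg)"', re.IGNORECASE)


def blocked_vendors(log_text):
    """Map each vendor named under DisallowedCertificates to its thumbprints."""
    vendors = defaultdict(list)
    for line in log_text.splitlines():
        m = CERT_RE.match(line.strip())
        if m:
            vendors[m.group(2)].append(m.group(1).upper())
    return {vendor: sorted(prints) for vendor, prints in vendors.items()}


def silent_reg_import_tasks(log_text):
    """Return (task path, .reg file, removes_itself) for tasks running regedit /s."""
    hits = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        task_path, command = m.groups()
        reg = REG_IMPORT_RE.search(command)
        if not reg:
            continue
        name = task_path.rsplit("\\", 1)[-1]
        # One-shot pattern seen in the log: the task deletes itself afterwards.
        removes_itself = re.search(
            r'schtasks\s+/delete\s+/tn\s+"%s"' % re.escape(name), command, re.IGNORECASE
        ) is not None
        hits.append((task_path, reg.group(1), removes_itself))
    return hits


if __name__ == "__main__":
    for vendor, prints in sorted(blocked_vendors(SAMPLE).items()):
        print(f"blocked signer: {vendor} ({len(prints)} certificate(s))")
    for task, reg_file, one_shot in silent_reg_import_tasks(SAMPLE):
        print(f"task {task} imports {reg_file} silently; self-deleting={one_shot}")
```

Run against a full FRST log, the vendor summary shows at a glance which security tools' installers Windows will refuse to run until the entries are removed.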
  • #4 23 Mar 2018 12:22
    adam199222
    Level 2  

    Piterrr

    I don't have an antivirus and don't want one; when I have a problem with something, I download one and then throw it out.
    I don't know whether anything stays on the computer; it wasn't slowing down, so I didn't look into it.

    Kolobos

    It helped, Chrome is clean. I'm attaching the log for you, and also the log from AdwCleaner (it found 37 problems); of course I chose repair.
    Please tell me whether it's OK now. Can I give you some kind of plus or something? Thanks for the help

    0
  • Helpful post
    #6 23 Mar 2018 12:31
    Kolobos
    Computer specialist

    @adam199222 please also post new FRST logs from a scan. The Fixlog is unnecessary.

    0
  • Helpful post
    #8 23 Mar 2018 12:44
    Kolobos
    Computer specialist

    Also run this Fixlist.txt for FRST:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => -> Brak pliku
    2018-03-22 21:14 - 2018-03-22 21:14 - 000000000 ___HD C:\$AV_ASW
    2018-03-22 20:55 - 2018-03-22 20:55 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-03-22 20:34 - 2018-03-22 20:34 - 000178320 _____ (AVAST Software) C:\Users\Adam\Downloads\avast_free_antivirus_setup_online.exe
    2018-03-23 11:59 - 2017-11-02 18:23 - 000000000 ____D C:\AdwCleaner

    After running it, delete the C:\FRST directory and that's all.

    0
  • #9 23 Mar 2018 12:50
    adam199222
    Level 2  

    User KOLOBOS helped me using AdwCleaner and FRST.

    0