
"Supporter" malware virus

Twój_Anioł_Stróż

Open Notepad and paste the following into it:

DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}


DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Task: {00A2B968-0A44-43FB-82F7-9B69A5F69092} - System32\Tasks\0b339364-c268-4b80-8040-8633b5a42488-1 => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-05] (browser) <==== UWAGA
Task: {0616C392-BA16-47F5-A8DB-F17ED1661E71} - System32\Tasks\rhB2FIGlE8 => C:\Users\Patii\AppData\Roaming\rhB2FIGlE8.exe <==== UWAGA
Task: {06DC41B1-CF6E-4DE4-BE1F-5900CFE68395} - System32\Tasks\685e1e27-e079-4256-b03d-ef61b0d6206d => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: {08000B9E-BBC3-488D-8A6D-68F0024FA888} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: {0BA8DCE1-760F-4C97-BC13-9B929F33A4C4} - System32\Tasks\new_game_updating_service => C:\Program Files (x86)\new game\new_game_updating_service.exe <==== UWAGA
Task: {1F329FC8-CF4E-49B3-98C7-EDCFC6CC34A6} - System32\Tasks\new_game_notification_service => C:\Program Files (x86)\new game\new_game_notification_service.exe <==== UWAGA
Task: {288BD29C-1A0A-4784-B171-A826F14F869B} - System32\Tasks\1G4MoIs7 => C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe <==== UWAGA
Task: {6A9D1518-47EA-4B05-AD0B-88EB09BAEEDA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA
Task: {7535124B-16B0-4F13-9585-368942D6DED2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: {88675639-CF87-43AB-AB24-17121A674A1D} - System32\Tasks\{635DC5D0-9949-473B-BD02-F2D02CDF6B1E} => pcalua.exe -a F:\DirectX\DXSETUP.EXE -d F:\DirectX
Task: {AC6D606C-4396-4163-B6E0-8148D7F59E0D} - System32\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4 => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: {B27900C3-E34C-4668-82F5-06418E18AC02} - System32\Tasks\6a5e0766-1fff-47bb-af12-147db1944388 => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
Task: {C073D36D-7388-4D4F-8C10-7C4228B4BA19} - System32\Tasks\{7303CBD8-74CF-4927-8F28-6735901257CD} => pcalua.exe -a "C:\Program Files (x86)\DCoder Image Source\uninstall.exe"
Task: {CDAB1224-C645-4FFA-B931-DE76F455DBD8} - System32\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== UWAGA
Task: {D0E6A908-9CD1-4B54-B52A-A4DD3B27A13D} - System32\Tasks\0b339364-c268-4b80-8040-8633b5a42488-4 => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
Task: {DA9FD2FC-5BD4-45F3-AC91-F9B9447B5F3B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: {E46DD1C5-4778-4996-A13E-2FEA69B9BAEF} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: {E6585012-11DB-4B7A-91FC-53587253524E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\Browsers Apps
RemoveDirectory: C:\Program Files (x86)\globalUpdate
RemoveDirectory: C:\Program Files (x86)\RCP
RemoveDirectory: C:\Program Files (x86)\videos MediaPlay-Air
RemoveDirectory: C:\Program Files (x86)\MyPC Backup
C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe
C:\Program Files (x86)\new game
Task: C:\WINDOWS\Tasks\new_game_notification_service.job => C:\Program Files (x86)\new game\new_game_notification_service.exeǤ/url='hxxp:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='new game' /appid='73143' /srcid='2913' /bic='a89d3db20d70a8fbe05268833a3b1e82' /verifier='57f9ae592c9998d29e2b8a506ee8c5f3' /installerversion='1.50.3.10' /statsdomain='hxxp:/stats.buildomserv.com/data.gif?' /errorsdomain='hxxp:/stats.buildomserv.com/data.gif?' /monetizationdomain='hxxp:/logs.buildomserv.com/monetization.gif <==== UWAGA
Task: C:\WINDOWS\Tasks\new_game_updating_service.job => C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=hxxp:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=hxxp:/stats.buildomserv.com <==== UWAGA
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\rhB2FIGlE8.job => C:\Users\Patii\AppData\Roaming\rhB2FIGlE8.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-1.job => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exeɡ/bACuvyZYs /gDwSoa=task /wBeAJS='Browsers Apps' /bjuuF=61787 /Lzzhb='001738' /ixabY='0' /TFrJs='0' /qnjItqW=51D5D353097546269F1CA7148B702C00IE /sNKZRp=9c654f5c530c0be7465577bcd2de5075 /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253918 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /nhRONkxQ=hxxp:/js.infostatsserv.com /nzyKBo=ff /dykimqj='Browsers Apps' /iuJVzoY=hxxp:/js.clientdemocloud.com /FcdKKPwSh /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /mDzKvAR='hxxp:/update.infostatsserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-4.job => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe͌/qZuFb /wBeAJS='Browsers Apps' /yuuFNwVV C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488.xpi' /bjuuF=61787 /Lzzhb='001738' /ixabY='0' /TFrJs='0' /qnjItqW=51D5D353097546269F1CA7148B702C00IE /sNKZRp=9c654f5c530c0be7465577bcd2de5075 /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253918 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /jnEPeQO=300 /zQZgyovmN=herman.thorne45@outlook.com /jJObn=0.95 /LhJeP=ahermanthorne45outlookcom61787 /GEGuogs=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61787.rdf /eJquCb='Browsers Apps' /BQNMQ='Enhancing browsing experience' /zHyYGddTs='browser' /nzyKBo=ff /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /FcdKKPwSh /uqVGi /XfsmEjQ /mDzKvAR='hxxp:/update.infostatsserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\1G4MoIs7.job => C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exeʐ/bACuvyZYs /gDwSoa=task /wBeAJS='videos MediaPlay-Air' /bjuuF=61799 /Lzzhb='001673' /ixabY='verticals-ads,intext,pops,shopping' /TFrJs='0' /qnjItqW=1B651CE51A974D56A73120A167E83FE9IE /sNKZRp=c13461f2cee64dcf5b1b740a8cadfa0c /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253913 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /nhRONkxQ=hxxp:/js.infostatsserv.com /nzyKBo=ff /dykimqj='videos MediaPlay-Air' /iuJVzoY=hxxp:/js.clientdemocloud.com /FcdKKPwSh /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /mDzKvAR='hxxp:/update.infostatsserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.job => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exeφ/qZuFb /wBeAJS='videos MediaPlay-Air' /yuuFNwVV C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178.xpi' /bjuuF=61799 /Lzzhb='001673' /ixabY='verticals-ads,intext,pops,shopping' /TFrJs='0' /qnjItqW=1B651CE51A974D56A73120A167E83FE9IE /sNKZRp=c13461f2cee64dcf5b1b740a8cadfa0c /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253913 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /jnEPeQO=300 /zQZgyovmN=5c8764929678437cbd90994a5a82@ac863d978ade40948f4c7f15bb3c4.com /jJObn=0.95 /LhJeP=a5c8764929678437cbd90994a5a82ac863d978ade40948f4c7f15bb3c4com61799 /GEGuogs=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61799.rdf /eJquCb='videos MediaPlay-Air' /BQNMQ='MediaPlayerEnhance Extension' /zHyYGddTs='enter' /nzyKBo=ff /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /FcdKKPwSh /uqVGi /XfsmEjQ /mDzKvAR='hxxp:/update.infostatsserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\685e1e27-e079-4256-b03d-ef61b0d6206d.job => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\6a5e0766-1fff-47bb-af12-147db1944388.job => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
ShortcutWithArgument: C:\Users\Patii\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => Brak pliku
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {66E3D073-0797-4DF8-918B-E3C5EBB8AC07} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> Brak pliku
BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> Brak pliku
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
IE Session Restore: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> [funkcja włączona]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX
FF user.js: detected! => C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\user.js [2016-09-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-06-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-08-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-07-21]
FF Extension: (Browsers App) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\herman.thorne45@outlook.com [2015-07-03] [Brak podpisu cyfrowego]
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\avg@toolbar.xpi [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2016-08-22] [Brak podpisu cyfrowego]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== UWAGA
R1 {42e50651-9669-456e-9081-d5a836274274}w64; C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [44728 2014-09-17] (StdLib)
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys
C:\ProgramData\1WinManPro1
C:\Program Files (x86)\MadVR
HOSTS:
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

Generate new FRST logs.

(I won't look in here any earlier than 23:00.)

Chrupek02

Done.

The next logs:

Addition.txt

FRST.txt

Twój_Anioł_Stróż

Nothing was removed.

It looks as if no removal took place at all.

Let's repeat:

Open Notepad and paste the following into it:

DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}


DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}
C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe
C:\Users\Patii\AppData\Roaming\rhB2FIGlE8.exe
RemoveDirectory: C:\Program Files (x86)\RCP
RemoveDirectory: C:\Program Files (x86)\new game
RemoveDirectory: C:\Program Files (x86)\globalUpdate
RemoveDirectory: C:\Program Files (x86)\Browsers Apps
RemoveDirectory: C:\Program Files (x86)\videos MediaPlay-Air
RemoveDirectory: C:\Program Files (x86)\MyPC Backup
Task: {00A2B968-0A44-43FB-82F7-9B69A5F69092} - System32\Tasks\0b339364-c268-4b80-8040-8633b5a42488-1 => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-05] (browser) <==== UWAGA
Task: {0616C392-BA16-47F5-A8DB-F17ED1661E71} - System32\Tasks\rhB2FIGlE8 => C:\Users\Patii\AppData\Roaming\rhB2FIGlE8.exe <==== UWAGA
Task: {06DC41B1-CF6E-4DE4-BE1F-5900CFE68395} - System32\Tasks\685e1e27-e079-4256-b03d-ef61b0d6206d => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: {08000B9E-BBC3-488D-8A6D-68F0024FA888} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: {0BA8DCE1-760F-4C97-BC13-9B929F33A4C4} - System32\Tasks\new_game_updating_service => C:\Program Files (x86)\new game\new_game_updating_service.exe <==== UWAGA
Task: {1F329FC8-CF4E-49B3-98C7-EDCFC6CC34A6} - System32\Tasks\new_game_notification_service => C:\Program Files (x86)\new game\new_game_notification_service.exe <==== UWAGA
Task: {288BD29C-1A0A-4784-B171-A826F14F869B} - System32\Tasks\1G4MoIs7 => C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe <==== UWAGA
Task: {6A9D1518-47EA-4B05-AD0B-88EB09BAEEDA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA
Task: {7535124B-16B0-4F13-9585-368942D6DED2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: {88675639-CF87-43AB-AB24-17121A674A1D} - System32\Tasks\{635DC5D0-9949-473B-BD02-F2D02CDF6B1E} => pcalua.exe -a F:\DirectX\DXSETUP.EXE -d F:\DirectX
Task: {AC6D606C-4396-4163-B6E0-8148D7F59E0D} - System32\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4 => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: {B27900C3-E34C-4668-82F5-06418E18AC02} - System32\Tasks\6a5e0766-1fff-47bb-af12-147db1944388 => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
Task: {C073D36D-7388-4D4F-8C10-7C4228B4BA19} - System32\Tasks\{7303CBD8-74CF-4927-8F28-6735901257CD} => pcalua.exe -a "C:\Program Files (x86)\DCoder Image Source\uninstall.exe"
Task: {CDAB1224-C645-4FFA-B931-DE76F455DBD8} - System32\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-1 => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe <==== UWAGA
Task: {D0E6A908-9CD1-4B54-B52A-A4DD3B27A13D} - System32\Tasks\0b339364-c268-4b80-8040-8633b5a42488-4 => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
Task: {DA9FD2FC-5BD4-45F3-AC91-F9B9447B5F3B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: {E46DD1C5-4778-4996-A13E-2FEA69B9BAEF} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: {E6585012-11DB-4B7A-91FC-53587253524E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-1.job => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exeɡ/bACuvyZYs /gDwSoa=task /wBeAJS='Browsers Apps' /bjuuF=61787 /Lzzhb='001738' /ixabY='0' /TFrJs='0' /qnjItqW=51D5D353097546269F1CA7148B702C00IE /sNKZRp=9c654f5c530c0be7465577bcd2de5075 /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253918 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /nhRONkxQ=hxxp:/js.infostatsserv.com /nzyKBo=ff /dykimqj='Browsers Apps' /iuJVzoY=hxxp:/js.clientdemocloud.com /FcdKKPwSh /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /mDzKvAR='hxxp:/update.infostatsserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-4.job => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe͌/qZuFb /wBeAJS='Browsers Apps' /yuuFNwVV C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488.xpi' /bjuuF=61787 /Lzzhb='001738' /ixabY='0' /TFrJs='0' /qnjItqW=51D5D353097546269F1CA7148B702C00IE /sNKZRp=9c654f5c530c0be7465577bcd2de5075 /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253918 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /jnEPeQO=300 /zQZgyovmN=herman.thorne45@outlook.com /jJObn=0.95 /LhJeP=ahermanthorne45outlookcom61787 /GEGuogs=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61787.rdf /eJquCb='Browsers Apps' /BQNMQ='Enhancing browsing experience' /zHyYGddTs='browser' /nzyKBo=ff /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /FcdKKPwSh /uqVGi /XfsmEjQ /mDzKvAR='hxxp:/update.infostatsserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\1G4MoIs7.job => C:\Users\Patii\AppData\Roaming\1G4MoIs7.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-1.job => C:\Program Files (x86)\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exeʐ/bACuvyZYs /gDwSoa=task /wBeAJS='videos MediaPlay-Air' /bjuuF=61799 /Lzzhb='001673' /ixabY='verticals-ads,intext,pops,shopping' /TFrJs='0' /qnjItqW=1B651CE51A974D56A73120A167E83FE9IE /sNKZRp=c13461f2cee64dcf5b1b740a8cadfa0c /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253913 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /nhRONkxQ=hxxp:/js.infostatsserv.com /nzyKBo=ff /dykimqj='videos MediaPlay-Air' /iuJVzoY=hxxp:/js.clientdemocloud.com /FcdKKPwSh /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /mDzKvAR='hxxp:/update.infostatsserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.job => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exeφ/qZuFb /wBeAJS='videos MediaPlay-Air' /yuuFNwVV C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178.xpi' /bjuuF=61799 /Lzzhb='001673' /ixabY='verticals-ads,intext,pops,shopping' /TFrJs='0' /qnjItqW=1B651CE51A974D56A73120A167E83FE9IE /sNKZRp=c13461f2cee64dcf5b1b740a8cadfa0c /irIEEtNr=1_34_07_29 /cxwgI=1.34.7.29 /vbozDJi=1407253913 /QvhSYlpK=hxxp:/stats.infostatsserv.com /FOPAZbDo=hxxp:/errors.infostatsserv.com /jnEPeQO=300 /zQZgyovmN=5c8764929678437cbd90994a5a82@ac863d978ade40948f4c7f15bb3c4.com /jJObn=0.95 /LhJeP=a5c8764929678437cbd90994a5a82ac863d978ade40948f4c7f15bb3c4com61799 /GEGuogs=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/61799.rdf /eJquCb='videos MediaPlay-Air' /BQNMQ='MediaPlayerEnhance Extension' /zHyYGddTs='enter' /nzyKBo=ff /dsvnjasIM='{asw:[2, -2113929212, 4096]}' /FcdKKPwSh /uqVGi /XfsmEjQ /mDzKvAR='hxxp:/update.infostatsserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
Task: C:\WINDOWS\Tasks\685e1e27-e079-4256-b03d-ef61b0d6206d.job => C:\Program Files (x86)\videos MediaPlay-Air\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\6a5e0766-1fff-47bb-af12-147db1944388.job => C:\Program Files (x86)\Browsers Apps\0b339364-c268-4b80-8040-8633b5a42488-4.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\new_game_notification_service.job => C:\Program Files (x86)\new game\new_game_notification_service.exeǤ/url='hxxp:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='new game' /appid='73143' /srcid='2913' /bic='a89d3db20d70a8fbe05268833a3b1e82' /verifier='57f9ae592c9998d29e2b8a506ee8c5f3' /installerversion='1.50.3.10' /statsdomain='hxxp:/stats.buildomserv.com/data.gif?' /errorsdomain='hxxp:/stats.buildomserv.com/data.gif?' /monetizationdomain='hxxp:/logs.buildomserv.com/monetization.gif <==== UWAGA
Task: C:\WINDOWS\Tasks\new_game_updating_service.job => C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=hxxp:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=hxxp:/stats.buildomserv.com <==== UWAGA
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\rhB2FIGlE8.job => C:\Users\Patii\AppData\Roaming\rhB2FIGlE8.exe <==== UWAGA
ShortcutWithArgument: C:\Users\Patii\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => Brak pliku
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437669589&z=bba7730183c2046398d83f7gaz0c0m4q4q8t0wdz0t&from=cornl&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3433028086-2115163689-1266408597-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {66E3D073-0797-4DF8-918B-E3C5EBB8AC07} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56872F89-2806-41D3-A5A7-43C3F5E01A62}&mid=5b3132b015fc47d29d1a693f79eb3291-8ca7871c132a14ff7a2e1ce3fb2d68b9540df5e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb2&pr=fr&d=2014-11-10 11:56:23&v=4.3.4.122&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> Brak pliku
BHO: videos MediaPlay-Air -> {11111111-1111-1111-1111-110611171199} -> Brak pliku
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
IE Session Restore: HKU\S-1-5-21-3433028086-2115163689-1266408597-1002 -> [funkcja włączona]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434130231&z=c16cfaa28c2cffe4be5ab3eg9z0c8zcgcceedo6c2e&from=ient06120&uid=HitachiXHTS545050A7E380_TE85313R0G209J0G209JX
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Brak pliku]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Brak pliku]
FF user.js: detected! => C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\user.js [2016-09-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-06-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-08-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-07-21]
FF Extension: (new game) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\31dL3@gmail.com [2015-04-02] [Brak podpisu cyfrowego]
FF Extension: (copylinkurlbluelightdevcom) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\copylinkurl@bluelightdev.com [2015-04-02] [Brak podpisu cyfrowego]
FF Extension: (Default NewTab) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\default_newtabff@gmail.com [2015-07-03] [Brak podpisu cyfrowego]
FF Extension: (video MediaPlayers) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\5c8764929678437cbd90994a5a82@ac863d978ade40948f4c7f15bb3c4.com [2015-07-03] [Brak podpisu cyfrowego]
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\deskCutv2@gmail.com [nie znaleziono]
FF Extension: (Browsers App) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\herman.thorne45@outlook.com [2015-07-03] [Brak podpisu cyfrowego]
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\avg@toolbar.xpi [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2016-08-22] [Brak podpisu cyfrowego]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== UWAGA
2016-09-08 17:43 - 2015-04-02 17:58 - 00001312 _____ C:\WINDOWS\Tasks\new_game_notification_service.job
2016-09-08 17:43 - 2015-04-02 17:58 - 00001002 _____ C:\WINDOWS\Tasks\rhB2FIGlE8.job
2016-09-08 17:43 - 2015-04-02 17:58 - 00000998 _____ C:\WINDOWS\Tasks\1G4MoIs7.job
2016-09-08 17:43 - 2015-04-02 17:58 - 00000674 _____ C:\WINDOWS\Tasks\new_game_updating_service.job
2016-09-08 17:43 - 2014-08-05 17:54 - 00003480 _____ C:\WINDOWS\Tasks\685e1e27-e079-4256-b03d-ef61b0d6206d.job
2016-09-08 17:43 - 2014-08-05 17:54 - 00001692 _____ C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-1.job
2016-09-08 17:43 - 2014-08-05 17:54 - 00001570 _____ C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-1.job
2016-09-08 17:43 - 2014-08-05 17:53 - 00003130 _____ C:\WINDOWS\Tasks\6a5e0766-1fff-47bb-af12-147db1944388.job
2016-09-08 17:43 - 2014-08-05 17:53 - 00002318 _____ C:\WINDOWS\Tasks\42d3747b-dde9-4d69-a6d3-74eb8d2a0178-4.job
2016-09-08 17:43 - 2014-08-05 17:53 - 00002060 _____ C:\WINDOWS\Tasks\0b339364-c268-4b80-8040-8633b5a42488-4.job
2016-09-08 17:43 - 2014-08-05 17:52 - 00000908 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-09-08 15:26 - 2015-07-23 18:40 - 00000000 ____D C:\ProgramData\1WinManPro1
2016-09-08 14:18 - 2014-05-29 20:55 - 00000000 ____D C:\Program Files (x86)\MadVR
HOSTS:
EmptyTemp:


Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

Post the report from it.

 

2) Use Adw-cleaner
First click SKANUJ (SCAN), and only after the scan has finished, once the USUŃ (CLEANING) button becomes active, click it.
Show the report from it "C"

 

3) Make new FRST logs.

Before the scan, tick: Additional.txt, Shortcut.txt.

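A review aid for a fixlist like the one above, added here as an example; it is not part of the original posts or of FRST. It parses only the line shapes seen in this thread (the function names and regexes are assumptions, not an FRST specification) and separates entries whose file is already gone from paths under C:\WINDOWS.

```python
import re
from collections import Counter

# Localized (Polish) markers exactly as they appear in the logs in this thread.
MARKERS = {"UWAGA": "attention", "Brak pliku": "file_missing",
           "nie znaleziono": "not_found", "Brak podpisu cyfrowego": "unsigned"}
# File-listing rows: two timestamps, size, attributes, then the path.
FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (.+)$")
DIRECTIVE = re.compile(r"^([A-Za-z][\w .-]+?):\s*(.*)$")  # 2+ chars, so "C:\x" stays a path
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\[^<>\[\]|\"*?]*")

def parse_line(line):
    """Return {'kind', 'target', 'flags'} for one fixlist line, None if blank."""
    line = line.strip()
    if not line:
        return None
    flags = sorted(v for k, v in MARKERS.items() if k in line)
    row = FILE_ROW.match(line)
    if row:
        return {"kind": "File", "target": row.group(1).strip(), "flags": flags}
    m = DIRECTIVE.match(line)
    kind, rest = (m.group(1), m.group(2)) if m else ("Other", line)
    path = WIN_PATH.search(rest)
    target = path.group(0).strip() if path else rest.strip()
    return {"kind": kind, "target": target, "flags": flags}

def triage(text):
    """Counts per kind, entries whose file is already gone, and system paths."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    gone = {"file_missing", "not_found"}
    return {
        "kinds": Counter(e["kind"] for e in entries),
        "orphans": [e["target"] for e in entries if gone & set(e["flags"])],
        "system": [e["target"] for e in entries if e["target"].lower().startswith("c:\\windows\\")],
    }

# Sample lines copied from the fixlist in this thread.
SAMPLE = r"""
Task: {08000B9E-BBC3-488D-8A6D-68F0024FA888} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== UWAGA
BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> Brak pliku
FF Extension: (Brak nazwy) - C:\Users\Patii\AppData\Roaming\Mozilla\Firefox\Profiles\ek48m9zp.default\extensions\avg@toolbar.xpi [nie znaleziono]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== UWAGA
2016-09-08 17:43 - 2015-04-02 17:58 - 00001002 _____ C:\WINDOWS\Tasks\rhB2FIGlE8.job
2016-09-08 15:26 - 2015-07-23 18:40 - 00000000 ____D C:\ProgramData\1WinManPro1
HOSTS:
EmptyTemp:
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries listed under `system` are the ones to read twice before pressing Fix; `orphans` are leftovers whose file the log already reports as missing.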
Chrupek02

Sorry it took so long.

Report from the fix "fixlog"

Adw-cleaner removed over 246 threats. Including the malware virus!

The new logs are done as well.

 

 

Addition.txt

Fixlog.txt

FRST.txt

Shortcut.txt

Twój_Anioł_Stróż

I no longer see anything suspicious in the new logs, so I think we can wrap up:

Open Notepad and paste into it:

DeleteQuarantine:


Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the remaining C:\FRST folder.

In Adw-Cleaner, click the Odinstaluj (UNINSTALL) button.

 

Chrupek02

Done. Thank you very much for the help.

The topic can be closed :)
