sebo0426
22 Kwiecień 2017 10:15
#1
Witam
Podczas instalacji programu McAfee pojawia sie komunikat:
McAfee Installer: Install.exe - Zły obraz
Po nacisniecu ok instalacja trwa dalej ale po zakonczeniu instalacji brak programu na komputerze.
Komputer przeskanowalem programem AdwCleaner raport http://wklej.org/id/3092917/
Raport FRST http://wklej.org/id/3092906/ http://wklej.org/id/3092905/
Atis
22 Kwiecień 2017 10:27
#2
Po co instalujesz słaby program McAfee i to w dodatku prawdopodobnie pobrany z podejrzanego źródła?
sebo0426
22 Kwiecień 2017 10:35
#3
Pobierany byl ze strony McAfeehttp://wklej.org/id/3092933/
Atis
22 Kwiecień 2017 11:27
#4
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKLM-x32\...\Run: [fst_gb_5] => [X]
HKU\S-1-5-21-685528008-3517233895-3630812493-1000\...\Run: [Hoolapp Android] => "C:\Users\SEBAST~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-685528008-3517233895-3630812493-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\sebastian\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2205208 2013-09-17] ()
HKU\S-1-5-21-685528008-3517233895-3630812493-1000\...\Run: [Facebook Update] => "C:\Users\sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
C:\Users\sebastian\AppData\Roaming\AVG 0913b Campaign
GroupPolicyScripts-x32: Ograniczenia <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-685528008-3517233895-3630812493-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-685528008-3517233895-3630812493-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
BHO-x32: The weDownload -> {11111111-1111-1111-1111-110411901172} -> C:\Program Files (x86)\The weDownload\The weDownload-bho.dll => Brak pliku
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S0 mferkdet; system32\drivers\mferkdet.sys [X]
2017-04-22 09:41 - 2017-04-22 09:48 - 00000000 ____D C:\AdwCleaner
2017-04-18 18:27 - 2017-04-18 18:27 - 00000000 ____D C:\Users\sebastian\AppData\Local\MFAData
2017-04-18 18:24 - 2017-04-18 18:27 - 00000000 ____D C:\Users\sebastian\AppData\Local\AvgSetupLog
2017-04-18 18:32 - 2013-03-13 14:14 - 00000000 ____D C:\ProgramData\AVG2013
2017-04-18 18:32 - 2013-03-13 14:10 - 00000000 ____D C:\ProgramData\MFAData
2017-04-18 18:30 - 2013-03-13 14:14 - 00000000 ___HD C:\$AVG
2017-04-18 18:27 - 2015-12-26 09:48 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 18:27 - 2013-03-13 14:13 - 00000000 ____D C:\Program Files (x86)\AVG
2012-03-04 16:00 - 2012-03-31 12:54 - 0000015 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\1226321836126.bat
2012-03-04 16:00 - 2012-04-01 12:17 - 0020480 _____ (nhyynynj) C:\Users\sebastian\AppData\Roaming\Microsoft\1.exe
2012-03-04 16:00 - 2012-03-31 10:55 - 0186550 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\foto.jpg
Task: {098A3F4E-7A4E-48FD-90FE-0937F6847207} - System32\Tasks\{D72D6F43-60EA-4267-A214-7A32CBD1CE58} => pcalua.exe -a D:\instalki\Nero-8.3.2.1b_plk_trial.exe -d D:\instalki
Task: {3D52FAA7-2986-46EA-BBC3-BFD7DCB9A40E} - System32\Tasks\{766A7C19-B2A0-4F06-AE01-DC07247D5954} => pcalua.exe -a C:\Users\sebastian\Downloads\lalsetup250(dobreprogramy.pl).exe -d C:\Users\sebastian\Downloads
Task: {41017811-6869-415A-A134-573AFDF0B113} - System32\Tasks\{F7C37230-7DC6-4624-BC69-89C30067AFFE} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Task: {720F662B-5FCB-4611-A131-39557537AC5D} - System32\Tasks\{A2DE3953-406F-4AC6-9089-FA366D9CA669} => pcalua.exe -a C:\Users\sebastian\Downloads\NetFx64.exe -d C:\Users\sebastian\Downloads
Task: {AF2C32C0-C4E0-4FEC-BD52-82C563D93E24} - System32\Tasks\{482DF5FF-050B-4FC4-A07E-63275F0802C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/pl/go/help.faq.installer?LastError=112
Task: {C09DD4FA-C5A3-473F-A98F-D2D5A3F95F2F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-685528008-3517233895-3630812493-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CA83AAA6-D106-42ED-9B4B-8AC3448FB9DE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-685528008-3517233895-3630812493-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DD789823-76D6-4410-BC18-8CEECBB009A6} - System32\Tasks\e-pity2013_kwiecien => f:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {4EC1E438-91DA-4132-8303-D5BBE6E5DBAA} - System32\Tasks\e-pity2013_styczen => f:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {F493C690-B615-40C9-BA45-8286AACFF5FF} - System32\Tasks\{DA0105FB-37BC-4C8D-B055-0BB90861D083} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsProgressBar
EmptyTemp:
sebo0426
22 Kwiecień 2017 11:53
#5
Atis
22 Kwiecień 2017 12:05
#6
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
C:\ProgramData\3b2c31353c2630292742_c
DeleteQuarantine:Adobe Reader XI 11.0.20 Java 8 Update 131 Silverlight 5.1.50906.0