Jump to content

aldighazali

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by aldighazali

  1. no i don't, thanks you very much for your help, aura! wish you all the best for everything. see you. # DelFix v1.013 - Logfile created 05/09/2017 at 22:55:24 # Updated 17/04/2016 by Xplode # Username : user - USER-PC # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\user\Desktop\Addition.txt Deleted : C:\Users\user\Desktop\AdwCleaner_2.exe Deleted : C:\Users\user\Desktop\Fixlog.txt Deleted : C:\Users\user\Desktop\FRST.exe Deleted : C:\Users\user\Desktop\FRST.txt Deleted : C:\Users\user\Desktop\rkill.exe Deleted : C:\Users\user\Desktop\Rkill.txt ~ Creating registry backup ... OK ~ Cleaning system restore ... New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  2. oke just adding for exclusions eacht other, and there any step to do now? i think my problem solved. no other issues found yet.
  3. so far, not any other issues yet. only if i turn on 360 total security. it ask for block or allow Malwarebytes, its normal, isnt it?
  4. # AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 05 14:45:09 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 7 Ultimate (X86) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [11910 B] - [2017/8/28 5:5:47] C:/AdwCleaner/AdwCleaner[C1].txt - [1271 B] - [2017/8/28 5:18:11] C:/AdwCleaner/AdwCleaner[C2].txt - [1405 B] - [2017/8/29 6:45:15] C:/AdwCleaner/AdwCleaner[C3].txt - [1536 B] - [2017/8/30 21:50:56] C:/AdwCleaner/AdwCleaner[S0].txt - [14047 B] - [2017/8/28 5:4:18] C:/AdwCleaner/AdwCleaner[S1].txt - [1149 B] - [2017/8/28 5:17:3] C:/AdwCleaner/AdwCleaner[S2].txt - [1282 B] - [2017/8/29 6:39:47] C:/AdwCleaner/AdwCleaner[S3].txt - [1398 B] - [2017/8/30 21:50:17] C:/AdwCleaner/AdwCleaner[S4].txt - [1534 B] - [2017/8/30 23:46:53] C:/AdwCleaner/AdwCleaner[S5].txt - [1553 B] - [2017/9/5 14:43:50] ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt ##########
  5. if i connet to internet, open Malwarbytes , i use opera browser. but i restarted my laptop few minutes ago (2nd restart) , it didnt show again. or i give you logs from adwcleaner?
  6. i dont see cmd pop up again. but website blcoked still exist, its normal?
  7. Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017 Ran by user (05-09-2017 20:35:37) Run:1 Running from C:\Users\user\Desktop Loaded Profiles: user (Available Profiles: user) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Task: {25219045-DDED-4F16-AEA7-86746D8CB50F} - System32\Tasks\{7A4D1262-9828-7AF2-F379-576B80005643} => C:\Users\user\AppData\Roaming\{E028D~1\SYNCVE~1.EXE <==== ATTENTION Task: {38AB0084-B21B-478A-962A-E3911E3F0E6C} - System32\Tasks\{AAA94F4C-E1B4-4FDF-A4B4-0749DF8D48F3} => C:\Windows\system32\pcalua.exe -a E:\dxtbmpx.exe -d E:\ Task: {94EBF84D-E808-45AF-AAD4-07585BA0C52B} - System32\Tasks\6ib8X8ehS5 => C:\Program Files\iXIT4OlrUs\updengine.exe <==== ATTENTION Task: {B2485313-92A5-4769-8903-5D195EFA63F2} - System32\Tasks\{421907EC-CEBA-4733-9FC7-4702A71A1624} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\Setup.exe" -d "C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup" Task: {CC62A445-40A3-481D-9A44-E7F0C45D1D7B} - System32\Tasks\{C937A853-7DB1-4BAB-903F-826306BCC626} => C:\Windows\system32\pcalua.exe -a "C:\Users\Public\Pictures\Sample Pictures\BUAT REFRESHING\BONUS IEU MAH\hamsterballgold.exe" -d "C:\Users\Public\Pictures\Sample Pictures\BUAT REFRESHING\BONUS IEU MAH" Task: C:\Windows\Tasks\{7A4D1262-9828-7AF2-F379-576B80005643}.job => C:\Users\user\AppData\Roaming\{E028D~1\SYNCVE~1.EXE <==== ATTENTION WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION C:\Program Files\iXIT4OlrUs C:\ProgramData\ntuser.pol C:\ProgramData\10C77F344F.sys C:\ProgramData\KGyGaAvL.sys C:\Users\user\AppData\Roaming\{E028D~1 C:\Users\user\AppData\Roaming\dea986aa0a41453380053473a9e3b4b9 C:\Users\user\AppData\Roaming\79e080882b88491cb58be9c135d70c32 EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully. C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Policies\Google => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25219045-DDED-4F16-AEA7-86746D8CB50F} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25219045-DDED-4F16-AEA7-86746D8CB50F} => key removed successfully. C:\Windows\System32\Tasks\{7A4D1262-9828-7AF2-F379-576B80005643} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A4D1262-9828-7AF2-F379-576B80005643} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38AB0084-B21B-478A-962A-E3911E3F0E6C} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38AB0084-B21B-478A-962A-E3911E3F0E6C} => key removed successfully. C:\Windows\System32\Tasks\{AAA94F4C-E1B4-4FDF-A4B4-0749DF8D48F3} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAA94F4C-E1B4-4FDF-A4B4-0749DF8D48F3} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94EBF84D-E808-45AF-AAD4-07585BA0C52B} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94EBF84D-E808-45AF-AAD4-07585BA0C52B} => key removed successfully. C:\Windows\System32\Tasks\6ib8X8ehS5 => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6ib8X8ehS5 => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2485313-92A5-4769-8903-5D195EFA63F2} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2485313-92A5-4769-8903-5D195EFA63F2} => key removed successfully. C:\Windows\System32\Tasks\{421907EC-CEBA-4733-9FC7-4702A71A1624} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{421907EC-CEBA-4733-9FC7-4702A71A1624} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC62A445-40A3-481D-9A44-E7F0C45D1D7B} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC62A445-40A3-481D-9A44-E7F0C45D1D7B} => key removed successfully. C:\Windows\System32\Tasks\{C937A853-7DB1-4BAB-903F-826306BCC626} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C937A853-7DB1-4BAB-903F-826306BCC626} => key removed successfully. C:\Windows\Tasks\{7A4D1262-9828-7AF2-F379-576B80005643}.job => moved successfully WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION => removed successfully. "C:\Program Files\iXIT4OlrUs" => not found. C:\ProgramData\ntuser.pol => moved successfully C:\ProgramData\10C77F344F.sys => moved successfully C:\ProgramData\KGyGaAvL.sys => moved successfully C:\Users\user\AppData\Roaming\{E028D~1 => moved successfully C:\Users\user\AppData\Roaming\dea986aa0a41453380053473a9e3b4b9 => moved successfully C:\Users\user\AppData\Roaming\79e080882b88491cb58be9c135d70c32 => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6426037 B Java, Flash, Steam htmlcache => 554 B Windows/system/drivers => 1583457 B Edge => 0 B Chrome => 0 B Firefox => 14912988 B Opera => 71387256 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 50110 B Public => 0 B ProgramData => 0 B systemprofile => 83247 B LocalService => 132244 B NetworkService => 692 B user => 11485920 B RecycleBin => 0 B EmptyTemp: => 109.1 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 20:36:33 ====
  8. yes, still get cmd and always shown this website blcoked.txt
  9. thank you for replaying, sorry if my english not good, aura . scan Mbam 1st.txt scan mbam 2nd.txt FRST.txt Addition.txt
  10. my friend made the mistake of downloading and installing unknown software which I do not know. So I uninstalled it. Now i keep getting a "Command Prompt" window very quickly flashing every time I start my computer and on and off every hour. I try to scan with Malwarebytes which have detected no problems. What is this window? How could I stop it? Please Help. got 1 print screen, says following BITSADMIN version 3.0 BITS administration utility. <C> Copyright 2000-2006 BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the Bits service are now provided by BITS Powershell cm dlets. Found 3 jobs named "task3". Use the job identifier instead of the job name.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.