Jump to content

carlonb

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

Reputation

0 Neutral
  1. carlonb
    I completely agree with you to use "Common sense" opening mails and/or web pages. I usually do that but I noted that very often, many web pages are designed in a very misleading way, so some time I've the time to "think about" avoiding it, but some time I will be confused and "click" the misleaded button of sh**t specially when I (you) want go fast navigating the web. This I think was happened to me. Anyway, tankyou again. Here the delfix log: Oooopppssss, I close the delfixlog (notepad) before copy and paste, now where is? I think is deleted….. If nothing else to do, ok, you can close this thread. Bye, Carlo
  2. carlonb
    Ok Yoan, So, very very thanks for your help. Ciao Carlo
  3. carlonb
    Hi Yoan, Thankyou very much for the effort. Until now everything seems fine.I have to try some more applications. Question: What about my personal data folder in "C:Dati_2018" as I've got the Virus / Malwares about 9 days ago? Are they safe? Bye, Carlo
  4. carlonb
    Thanks Yoan, Here the fixlog. I'm waiting for your next request. Please one question: What about the new process in background "Malwarebytes service" automatically started that I see in Activity manager (using some memory - 128 MBytes) ? Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018 Ran by Carlo (19-07-2018 21:46:41) Run:2 Running from C:\Users\Carlo.CARLO-PC\Desktop Loaded Profiles: Carlo (Available Profiles: Carlo & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Task: {0106F570-0398-4148-AB7E-527459E00235} - System32\Tasks\{426DF282-AA21-4417-843A-CCC8CE1974E6} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {0C3D7B8C-8FEA-4EE9-9E43-BCE3D8888838} - System32\Tasks\{6C3ED6EB-5D76-4E7C-B06A-9F852F55EB2E} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {1403B87B-33E1-4AEB-9DAB-22CBF8CFB95E} - System32\Tasks\{901D7A1A-8F68-4F88-837B-0655E9FAE4C3} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {15F683A6-6C3A-40D4-BF9A-F8FD8FFE8545} - System32\Tasks\{0B5B9AF6-8597-464D-83C1-051B06F2F45E} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {31B1E746-F6C1-4D31-89B4-56230221D278} - System32\Tasks\{39990A0E-D022-4334-88EB-A8BBA2D2BCE8} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {3F1F4FF0-9A4D-4247-83EB-70A9EEB0AFDC} - System32\Tasks\{F217D737-1F56-4FDD-9A91-C1C205943C15} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {44EBA853-2D43-4C36-8749-77F60D8EB59A} - System32\Tasks\{D06CA1A7-E3F7-45F5-9064-91C85F2FA305} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {640F2590-F483-4126-A673-E0F6D66C5962} - System32\Tasks\{ACED45F9-DB6E-4568-8ED6-5FB30CC87C7C} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {A1771DD8-D948-465F-AA96-B6919A81CF4C} - System32\Tasks\{2028DB56-628C-484A-A2A9-0432945B82D4} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {BE4DAE11-0D9F-4103-9364-298C3BDC56AE} - System32\Tasks\{74BB12AE-29DC-4157-93FC-CC58EFB6D6AA} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe Task: {F1750F16-DF14-4846-997B-614DC9AAD5D6} - System32\Tasks\{704687DF-1C50-4A5E-9244-7A3D95EED64E} => F:\keygen\Banknote Protection Removal\Photoshop.CS3-Banknote protection removal.exe AlternateDataStreams: C:\ProgramData\Temp:5FBC93CD [108] MSCONFIG\Services: avgsvc => 2 MSCONFIG\Services: avgwd => 2 MSCONFIG\Services: Service_21 => 2 MSCONFIG\Services: vToolbarUpdater40.2.3 => 2 HKLM\...\StartupApproved\Run: => "KMS Update" HKLM\...\StartupApproved\Run: => "rundll32" HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\...\StartupApproved\Run: => "Blogger" C:\ProgramData\ntuser.pol C:\Windows\System32\Service_21.exe EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0106F570-0398-4148-AB7E-527459E00235}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0106F570-0398-4148-AB7E-527459E00235}" => removed successfully C:\WINDOWS\System32\Tasks\{426DF282-AA21-4417-843A-CCC8CE1974E6} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{426DF282-AA21-4417-843A-CCC8CE1974E6}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3D7B8C-8FEA-4EE9-9E43-BCE3D8888838}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3D7B8C-8FEA-4EE9-9E43-BCE3D8888838}" => removed successfully C:\WINDOWS\System32\Tasks\{6C3ED6EB-5D76-4E7C-B06A-9F852F55EB2E} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C3ED6EB-5D76-4E7C-B06A-9F852F55EB2E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1403B87B-33E1-4AEB-9DAB-22CBF8CFB95E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1403B87B-33E1-4AEB-9DAB-22CBF8CFB95E}" => removed successfully C:\WINDOWS\System32\Tasks\{901D7A1A-8F68-4F88-837B-0655E9FAE4C3} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{901D7A1A-8F68-4F88-837B-0655E9FAE4C3}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15F683A6-6C3A-40D4-BF9A-F8FD8FFE8545}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15F683A6-6C3A-40D4-BF9A-F8FD8FFE8545}" => removed successfully C:\WINDOWS\System32\Tasks\{0B5B9AF6-8597-464D-83C1-051B06F2F45E} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B5B9AF6-8597-464D-83C1-051B06F2F45E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B1E746-F6C1-4D31-89B4-56230221D278}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B1E746-F6C1-4D31-89B4-56230221D278}" => removed successfully C:\WINDOWS\System32\Tasks\{39990A0E-D022-4334-88EB-A8BBA2D2BCE8} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39990A0E-D022-4334-88EB-A8BBA2D2BCE8}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F1F4FF0-9A4D-4247-83EB-70A9EEB0AFDC}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F1F4FF0-9A4D-4247-83EB-70A9EEB0AFDC}" => removed successfully C:\WINDOWS\System32\Tasks\{F217D737-1F56-4FDD-9A91-C1C205943C15} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F217D737-1F56-4FDD-9A91-C1C205943C15}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EBA853-2D43-4C36-8749-77F60D8EB59A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EBA853-2D43-4C36-8749-77F60D8EB59A}" => removed successfully C:\WINDOWS\System32\Tasks\{D06CA1A7-E3F7-45F5-9064-91C85F2FA305} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D06CA1A7-E3F7-45F5-9064-91C85F2FA305}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{640F2590-F483-4126-A673-E0F6D66C5962}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{640F2590-F483-4126-A673-E0F6D66C5962}" => removed successfully C:\WINDOWS\System32\Tasks\{ACED45F9-DB6E-4568-8ED6-5FB30CC87C7C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ACED45F9-DB6E-4568-8ED6-5FB30CC87C7C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1771DD8-D948-465F-AA96-B6919A81CF4C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1771DD8-D948-465F-AA96-B6919A81CF4C}" => removed successfully C:\WINDOWS\System32\Tasks\{2028DB56-628C-484A-A2A9-0432945B82D4} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2028DB56-628C-484A-A2A9-0432945B82D4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE4DAE11-0D9F-4103-9364-298C3BDC56AE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE4DAE11-0D9F-4103-9364-298C3BDC56AE}" => removed successfully C:\WINDOWS\System32\Tasks\{74BB12AE-29DC-4157-93FC-CC58EFB6D6AA} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74BB12AE-29DC-4157-93FC-CC58EFB6D6AA}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1750F16-DF14-4846-997B-614DC9AAD5D6}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1750F16-DF14-4846-997B-614DC9AAD5D6}" => removed successfully C:\WINDOWS\System32\Tasks\{704687DF-1C50-4A5E-9244-7A3D95EED64E} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{704687DF-1C50-4A5E-9244-7A3D95EED64E}" => removed successfully C:\ProgramData\Temp => ":5FBC93CD" ADS removed successfully "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avgsvc" => removed successfully HKLM\System\CurrentControlSet\Services\avgsvc => not found "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avgwd" => removed successfully HKLM\System\CurrentControlSet\Services\avgwd => not found "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Service_21" => removed successfully HKLM\System\CurrentControlSet\Services\Service_21 => not found "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater40.2.3" => removed successfully HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.2.3 => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\KMS Update" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KMS Update" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rundll32" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rundll32" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AVG_UI" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AvgUi" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => not found "HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Blogger" => removed successfully "HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Blogger" => not found C:\ProgramData\ntuser.pol => moved successfully "C:\Windows\System32\Service_21.exe" => not found =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23644984 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 41561541 B Edge => 85847611 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B LocalService => 0 B NetworkService => 8046 B NetworkService => 0 B Carlo.CARLO-PC => 66140914 B DefaultAppPool => 0 B RecycleBin => 264140 B EmptyTemp: => 217.4 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 21:50:03 ====
  5. carlonb
    Hi Yoan, As before, copy and paste the two files here seems crashing this web page, so I attach a zip file. FRST&Addition.zip
  6. carlonb
    Hi Yoan, Next step please
  7. carlonb
    Hi Yoan, Here the Fix log. What about my abobe question please ? Thankyou for your effort. Carlo Fixlog.txt
  8. carlonb
    Hi Yoan, Here the image of my actual activity manager, as you can see there are some apps where indicate are "Suspended", before those virus/malwares I never seen these suspensions. Is this condition suspicious or is normal Windows 10 working ? Thanks
  9. carlonb
    Hey Yoan, copy and paste the two files here seems do a reply crash, so I try with a zip file for both... FRST&Addition.zip
  10. carlonb
    Hi Yoan, I'm sorry but I can't paste and submit the two logs. I zipped it and annexed here. AdwCleaner&RogueKiller.zip
  11. carlonb
    Hello Yoan, Here the EXPORT SUMMARY.... I'm crossing my fingers As before, I'm waiting for your asks, thanks. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/17/18 Scan Time: 2:44 PM Log File: 36c251d2-89bf-11e8-9786-0025113d623a.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.5937 License: Trial -System Information- OS: Windows 10 (Build 17134.165) CPU: x64 File System: NTFS User: DESKTOP_CARLO\Carlo -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 489315 Threats Detected: 25 Threats Quarantined: 25 Time Elapsed: 19 min, 56 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 6 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\CONSOLE\TASKENG.EXE, Quarantined, [6459], [425125],1.0.5937 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{29CF2445-9E64-93EE-43FB-09385758BB43}, Quarantined, [6459], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EF385F1-65FF-452F-9245-90C23F662DA9}, Quarantined, [6459], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EF385F1-65FF-452F-9245-90C23F662DA9}, Quarantined, [6459], [-1],0.0.0 PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E24F56F-B9AA-49AA-992D-528DE94E1AF8}, Quarantined, [67], [259410],1.0.5937 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [6459], [425124],1.0.5937 Registry Value: 7 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [6459], [425125],1.0.5937 PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [692], [-1],0.0.0 PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [692], [-1],0.0.0 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [692], [259988],1.0.5937 PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E24F56F-B9AA-49AA-992D-528DE94E1AF8}|PATH, Quarantined, [67], [259410],1.0.5937 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [6459], [425124],1.0.5937 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [6459], [425126],1.0.5937 Registry Data: 4 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [692], [293486],1.0.5937 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [692], [293485],1.0.5937 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [692], [293485],1.0.5937 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1109775176-1761140789-1796557664-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [692], [293485],1.0.5937 Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 8 PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\{29CF2445-9E64-93EE-43FB-09385758BB43}, Quarantined, [6459], [-1],0.0.0 RiskWare.BitCoinMiner, C:\WINDOWS\TEMP\NVI864.EXE, Quarantined, [922], [478453],1.0.5937 Generic.Malware/Suspicious, C:\WINDOWS\TEMP\AMDX64.EXE, Quarantined, [0], [392686],1.0.5937 Generic.Malware/Suspicious, C:\WINDOWS\TEMP\SRACQTDQPF.EXE, Quarantined, [0], [392686],1.0.5937 RiskWare.BitCoinMiner, C:\WINDOWS\TEMP\32X64.EXE, Quarantined, [922], [534428],1.0.5937 Trojan.BitCoinMiner, C:\WINDOWS\INSTALLER\F19C3.MSI, Quarantined, [528], [529068],1.0.5937 Adware.Elex.ShrtCln, C:\USERS\CARLO.CARLO-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Sync Data\SyncData.sqlite3, Replaced, [247], [454749],1.0.5937 Adware.Elex.ShrtCln, C:\USERS\CARLO.CARLO-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\ChromeDefaultData\Secure Preferences, Replaced, [247], [454749],1.0.5937 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  12. carlonb
    Hi Yoan, Thankyou very much for the prompt reply. Just now done what you ask me. Here the result file. I hope you can help to clean my PC. Waiting for your reply I thankyou again. Carlo mbar-log-2018-07-17 (10-39-35).txt
  13. carlonb
    Sorry, I forgot to mention that cause of this, At every system boot, Windows security center wil be deactivated, after to go with regedit…..windowsdefender register=1 and changed with =0 I can reenable the Windows 10 antivirus scanner. May be I'e other issues, but up to now I do not know. Bye, Carlo
  14. carlonb
    Searching around the web I found this forum, so I hope someone can help me. So there is this virus/malware whatever you want to call it which bothers me every time I start my computer. Once windows 10 boots up ****.tmp.exe file is generated in the Windows/temp folder. As soon as the files are created in the temp folder it also starts in processes. Multiple times I have done a clean installation of Windows 10 but it gets affected. When the tmp.exe is working in the process all the search results are showed . Once I kill the process and delete the tmp.exe file everything is back to normal but is still there whenever I reboot the PC Any solution for this problem? Have used CC Cleaner, tried full scan with win10 antivirus, etc and still no help. I have seen in this forum a person with a similar problem and he was asked to upload some logs from farbar, these are my logs Please Help! Thanks. FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.