Elektroda.pl

RunDll - a message that keeps appearing

Piotrek19971 05 Jul 2015 18:43 1920 34
  • #1 05 Jul 2015 18:43
    Piotrek19971
    Level 7

    Hello, after turning on the computer I get this message: RunDLL - There was a problem starting the file C:\users\Administrator\AppData\roaming\Babsolution\shared\enhancedNT.dll, the specified module could not be found.
    How do I fix this?
    [attached image]

    0 29
  • Helpful post
    #4 05 Jul 2015 19:48
    jan288
    Level 19

    Uninstall: Assistant, do-search uninstall, McAfee Security Scan Plus, Norton Security Scan, OctetPinger, ViperPorter. Use AdwCleaner, options Scan and Clean (Szukaj and Usuń):
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
    Run a full scan with MBAM after updating the virus database and remove the detected threats:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    Attach the FRST logs (FRST.txt and Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool

    2
  • #5 05 Jul 2015 20:03
    Piotrek19971
    Level 7

    [attached image]


    This message pops up when I try to uninstall

    Added after 9 [minutes]:

    And the same when uninstalling OctetPinger and ViperPorter. These 3 won't uninstall, but the rest went fine.

    0
  • Helpful post
    #6 05 Jul 2015 20:16
    jan288
    Level 19

    Skip that and do the rest.

    1
  • #7 06 Jul 2015 02:29
    Piotrek19971
    Level 7

    So, is everything OK? Because the message no longer shows up, and the programs that wouldn't uninstall are now removed.

    0
  • Helpful post
    #8 06 Jul 2015 08:09
    jan288
    Level 19

    The Addition.txt log is missing.

    1
  • #9 06 Jul 2015 09:57
    Piotrek19971
    Level 7

    I thought I had added it. So how does it look?

    Added:

    [attached image]

    I downloaded the Comodo antivirus and it did some short scan, I clicked for it to fix things, the computer restarted and this message started popping up. Does it have anything to do with the earlier one?

    Moderated by swiercm:

    I merged the posts. When updating information, please use the "Zmień" ("Change") option.

    0
  • Helpful post
    #10 06 Jul 2015 10:48
    Kolobos
    Computer specialist

    Uninstall:
    Bing Bar
    Pokki Download Helper
    Pokki
    Qtrax Player

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {2CC70E68-2636-4D87-A217-ABFF9C389CCE} - System32\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
    Task: {51B8EE4E-D581-4A0A-98D4-BD0A1473C8F8} - System32\Tasks\Sk-Enhancer-S-5499298658 => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
    Task: {5BD0542B-04D1-49DF-830A-FD43D46FFBDC} - \Windows Update Check - 0x0E5602E0 No Task File <==== ATTENTION
    Task: {89643C16-D251-483A-A003-C63EF5520350} - System32\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
    Task: {D7C00F5C-93D8-48D7-8E6D-06218C303422} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {F6445F77-59A6-4864-95FC-AEB1E8BD5273} - System32\Tasks\Chromium => C:\Users\Legenda\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\Chromium.job => C:\Users\Legenda\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
    Task: C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exeJ/schedule /profile c:\programdata\wintersoft\sk-enhancer\5499298658.ini <==== ATTENTION
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Legenda).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    AlternateDataStreams: C:\Windows\Temp:temp
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\.exe: exefile => <===== ATTENTION!
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\exefile: <===== ATTENTION!
    HKLM\...\RunOnce: [*CA] => [X]
    HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Wow6432Node] => C:\Users\Piotrek\AppData\Roaming\B681A7\B681A7.exe [32768 2011-12-29] (Microsoft Corporation)
    HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Users\Legenda\AppData\Local\Pokki\Engine\HostAppService.exe [7848776 2015-03-19] (Pokki)




    HKU\S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-01-30]
    ShortcutTarget: start.lnk -> C:\Users\Administrator\udeqt\start.vbs (No File)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.yahoo.com?fr=fp-comodo
    URLSearchHook: HKLM-x32 - (No Name) - {43bb27e0-a789-4894-b1a3-e7c6af827a68} - No File
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {szukaj.gazeta.pl} URL = http://do-search.com/web/?utm_source=b&ut...958&ts=1433437650&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: uoniSalees -> {0718616a-9a76-49ac-b4b9-8704fe4acd71} -> No File
    BHO: JonniCoupoen -> {2130f167-dd9d-42d6-81fb-3c16da75c924} -> No File
    BHO: BesttSaveForYou -> {49abdec8-a6c6-4b3a-92c3-ae374dd40cf7} -> No File
    BHO: AllChEapPreice -> {9f4edd78-3451-4e43-b14a-93edd7b24aba} -> No File
    BHO-x32: No Name -> {A5F52A5D-8999-0BF1-2A76-9E84738F703C} -> No File
    BHO-x32: No Name -> {C9ACA1FD-0E8E-12FB-1FB9-EE53303C335D} -> No File
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - No Name - {52170494-4d34-4f69-8dac-f726dc0da9ac} - No File
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Winsock: Catalog5 01 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    FF Homepage: hxxp://pl.yahoo.com?fr=fp-comodo
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Keyword.URL: hxxp://pl.search.yahoo.com/search?fr=ytff-comodo&p=
    FF Plugin HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pokki.com/PokkiDownloadHelper -> C:\Users\Legenda\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2015-05-08] (Pokki)
    FF Plugin HKU\S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pokki.com/PokkiDownloadHelper -> C:\Users\Gość\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@dokotoolbar.com [2015-07-03]
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
    CHR Plugin: (DealPlyLive Update) - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [bkogldplomdepajnkhknadblkbngnamg] - C:\ProgramData\ADDICT-THING\bkogldplomdepajnkhknadblkbngnamg.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gbefdneaakfnmogemdbdecigjocaeinf] - C:\ProgramData\Click2Save\gbefdneaakfnmogemdbdecigjocaeinf.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not
    S3 ALSysIO; \??\C:\Users\fsdsf\AppData\Local\Temp\ALSysIO64.sys [X]
    S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    2015-06-12 14:44 - 2015-06-12 14:44 - 03612760 _____ (Facebook Inc.) C:\Users\Legenda\Downloads\Kaspersky_T439032969602770T_(1).exe
    2015-06-12 14:42 - 2015-06-12 14:42 - 03612760 _____ (Facebook Inc.) C:\Users\Legenda\Downloads\Kaspersky_T439032969602770T_.exe
    2015-07-06 09:22 - 2013-11-12 22:13 - 00000464 ____H C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job
    2015-07-06 09:22 - 2012-10-30 23:11 - 00000428 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71}.job
    2015-07-06 09:22 - 2012-10-21 12:09 - 00000428 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910}.job
    2015-07-06 02:08 - 2015-05-06 14:28 - 00000000 ____D C:\Users\Gość\AppData\Roaming\Elex-tech
    2015-07-06 02:08 - 2015-05-06 12:55 - 00000000 ____D C:\Users\ZAKONNIK!\AppData\Roaming\Elex-tech
    2015-07-06 02:08 - 2013-12-01 00:30 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\GFtOF
    2015-07-06 02:08 - 2013-11-10 22:55 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\hFtOF
    2015-07-06 02:08 - 2013-11-10 00:40 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\vIwRI
    2015-07-06 02:08 - 2013-11-09 22:18 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\SFsOE
    2015-07-06 02:08 - 2013-11-06 22:09 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\fpdyo
    2015-07-05 17:07 - 2015-05-16 23:37 - 00000000 ____D C:\Users\Legenda\AppData\Roaming\dll-files.com
    2015-06-12 15:07 - 2015-01-14 01:37 - 00000000 ____D C:\ProgramData\BesttSaveForYou
    2015-06-12 15:07 - 2015-01-13 00:31 - 00000000 ____D C:\ProgramData\JonniCoupoen
    2015-06-12 15:07 - 2015-01-13 00:31 - 00000000 ____D C:\ProgramData\AllChEapPreice
    2015-06-12 15:07 - 2015-01-05 03:25 - 00000000 ____D C:\Program Files (x86)\uoniSalees
    2014-02-15 01:48 - 2014-02-15 04:21 - 50053120 _____ () C:\Program Files (x86)\GUT2E13.tmp
    2014-01-04 13:04 - 2014-01-11 01:39 - 0000819 _____ () C:\Users\Administrator\AppData\Roaming\settings_402.ini
    2013-08-07 09:26 - 2013-08-07 09:26 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT1E87.tmp
    2013-08-10 09:26 - 2013-08-10 09:26 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT225E.tmp
    2013-08-05 12:51 - 2013-08-05 12:51 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT2D18.tmp
    2013-08-06 09:35 - 2013-08-06 09:35 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT556F.tmp
    2013-08-09 22:18 - 2013-08-09 22:18 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT6086.tmp
    2013-08-13 13:23 - 2013-08-13 13:23 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT7D69.tmp
    2013-08-11 20:59 - 2013-08-11 20:59 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT8D9E.tmp
    2013-08-14 08:56 - 2013-08-14 08:56 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BIT9D86.tmp
    2013-08-11 10:02 - 2013-08-11 10:02 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITAACF.tmp
    2013-08-07 20:49 - 2013-08-07 20:49 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BITAEE4.tmp
    2013-08-10 17:27 - 2013-08-10 17:27 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITB02B.tmp
    2013-08-08 09:45 - 2013-08-08 09:45 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITBCC9.tmp
    2013-08-08 21:59 - 2013-08-08 21:59 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITBEAC.tmp
    2013-08-09 10:50 - 2013-08-09 10:50 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC206.tmp
    2013-08-11 11:52 - 2013-08-11 11:52 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC58F.tmp
    2013-08-09 09:33 - 2013-08-09 09:33 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5BE.tmp
    2013-08-09 13:47 - 2013-08-09 13:47 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5DD.tmp
    2013-08-12 09:41 - 2013-08-12 09:41 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5DE.tmp
    2013-08-05 10:57 - 2013-08-05 10:57 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BITCF20.tmp
    2013-08-12 22:51 - 2013-08-12 22:51 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITCF5F.tmp
    2013-08-04 15:53 - 2013-08-04 15:53 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITFC38.tmp
    C:\Users\Piotrek\AppData\Local\Google\Desktop\Install
    C:\Program Files (x86)\Google\Desktop\Install
    C:\Users\Administrator\autoruns.exe
    C:\Users\Administrator\autorunsc.exe
    EmptyTemp:

    In FRST, choose Fix.

    When it has finished, post new FRST logs from a scan.

    Do a full scan with mbam and remove whatever it detects.

    1
  • #11 06 Jul 2015 10:52
    Acorus 20
    Computer specialist

    Uninstall Akamai NetSession Interface, Qtrax Player, GeekBuddy. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {2CC70E68-2636-4D87-A217-ABFF9C389CCE} - System32\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
    Task: {51B8EE4E-D581-4A0A-98D4-BD0A1473C8F8} - System32\Tasks\Sk-Enhancer-S-5499298658 => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
    Task: {5BD0542B-04D1-49DF-830A-FD43D46FFBDC} - \Windows Update Check - 0x0E5602E0 No Task File <==== ATTENTION
    Task: {89643C16-D251-483A-A003-C63EF5520350} - System32\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
    Task: {B49AA150-24CA-432C-8CAC-9DD34DF1BEF4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2514341295-222075935-350485170-1052UA => C:\Users\ZAKONNIK!\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {D7C00F5C-93D8-48D7-8E6D-06218C303422} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {F22193D6-E34C-4096-BFFD-E1F884B5A4B6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2514341295-222075935-350485170-1052Core => C:\Users\ZAKONNIK!\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2514341295-222075935-350485170-1052Core.job => C:\Users\ZAKONNIK!\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2514341295-222075935-350485170-1052UA.job => C:\Users\ZAKONNIK!\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
    Task: C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exeJ/schedule /profile c:\programdata\wintersoft\sk-enhancer\5499298658.ini <==== ATTENTION
    AlternateDataStreams: C:\Windows\Temp:temp
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\.exe: exefile => <===== ATTENTION!
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\exefile: <===== ATTENTION!
    HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
    HKLM\...\RunOnce: [*CA] => [X]
    HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Wow6432Node] => C:\Users\Piotrek\AppData\Roaming\B681A7\B681A7.exe [32768 2011-12-29] (Microsoft Corporation)
    HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update**.d<*>] => "C:\Users\Piotrek\AppData\Local\Google\Desktop\Install\{198df2d2-8048-865e-0c5c-7569ee531fbf}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{198df2d2-8048-865e-0c5c-7569ee531fbf}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Legenda\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-07-06]
    ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
    ShortcutTarget: start.lnk -> C:\Users\Administrator\udeqt\start.vbs (No File)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.yahoo.com?fr=fp-comodo
    URLSearchHook: HKLM-x32 - (No Name) - {43bb27e0-a789-4894-b1a3-e7c6af827a68} - No File
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {szukaj.gazeta.pl} URL = http://do-search.com/web/?utm_source=b&ut...958&ts=1433437650&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
    BHO: uoniSalees -> {0718616a-9a76-49ac-b4b9-8704fe4acd71} -> No File
    BHO: JonniCoupoen -> {2130f167-dd9d-42d6-81fb-3c16da75c924} -> No File
    BHO: BesttSaveForYou -> {49abdec8-a6c6-4b3a-92c3-ae374dd40cf7} -> No File
    BHO: AllChEapPreice -> {9f4edd78-3451-4e43-b14a-93edd7b24aba} -> No File
    BHO-x32: No Name -> {A5F52A5D-8999-0BF1-2A76-9E84738F703C} -> No File
    BHO-x32: No Name -> {C9ACA1FD-0E8E-12FB-1FB9-EE53303C335D} -> No File
    Toolbar: HKLM-x32 - No Name - {52170494-4d34-4f69-8dac-f726dc0da9ac} - No File
    Toolbar: HKU\S-1-5-21-2514341295-222075935-350485170-1040-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Homepage: hxxp://pl.yahoo.com?fr=fp-comodo
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Keyword.URL: hxxp://pl.search.yahoo.com/search?fr=ytff-comodo&p=
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@dokotoolbar.com [2015-07-03]
    FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
    S3 ALSysIO; \??\C:\Users\fsdsf\AppData\Local\Temp\ALSysIO64.sys [X]
    S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    2015-07-06 02:08 - 2015-05-06 14:28 - 00000000 ____D C:\Users\Gość\AppData\Roaming\Elex-tech
    2015-07-06 02:08 - 2015-05-06 12:55 - 00000000 ____D C:\Users\ZAKONNIK!\AppData\Roaming\Elex-tech
    2015-07-06 02:08 - 2013-12-01 00:30 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\GFtOF
    2015-07-06 02:08 - 2013-11-10 22:55 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\hFtOF
    2015-07-06 02:08 - 2013-11-10 00:40 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\vIwRI
    2015-07-06 02:08 - 2013-11-09 22:18 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\SFsOE
    2015-07-06 02:08 - 2013-11-06 22:09 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\fpdyo
    2015-06-12 15:07 - 2015-01-14 01:37 - 00000000 ____D C:\ProgramData\BesttSaveForYou
    2015-06-12 15:07 - 2015-01-13 00:31 - 00000000 ____D C:\ProgramData\JonniCoupoen
    2015-06-12 15:07 - 2015-01-13 00:31 - 00000000 ____D C:\ProgramData\AllChEapPreice
    2015-06-12 15:07 - 2015-01-05 03:25 - 00000000 ____D C:\Program Files (x86)\uoniSalees
    C:\Users\Piotrek\AppData\Local\Google\Desktop\Install
    C:\Program Files (x86)\Google\Desktop\Install
    C:\Users\Administrator\autoruns.exe
    C:\Users\Administrator\autorunsc.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Scan with Dr.WEB CureIt http://www.freedrweb.com/cureit/?lng=pl
    Uninstall Chrome, selecting the option to delete browsing data.
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Then install the stable version: https://www.google.pl/chrome/browser/desktop/

    0
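
    The fixlist above mixes search-provider entries that still point at a URL with leftovers whose target file is already gone. As an added example (not part of the thread and not FRST's own code), this Python script groups the SearchScopes hosts by account and counts the orphaned entries so a reviewer can see what each line is for; the sample lines are taken from the lists on this page with query strings shortened, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Lines from the fixlists on this page; URL query strings shortened for width.
SAMPLE = r"""
SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds
SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {szukaj.gazeta.pl} URL = http://do-search.com/web/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
BHO: uoniSalees -> {0718616a-9a76-49ac-b4b9-8704fe4acd71} -> No File
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
CHR HKLM-x32\...\Chrome\Extension: [gbefdneaakfnmogemdbdecigjocaeinf] - C:\ProgramData\Click2Save\gbefdneaakfnmogemdbdecigjocaeinf.crx [Not Found]
Task: C:\Windows\Tasks\WinThruster.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
"""

SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<default>DefaultScope )?"
    r"(?P<scope>\{[^}]*\}) URL =\s*(?P<url>\S*)$")
SID_RE = re.compile(r"S-1-5-\d+(?:-\d+)*")
# Markers that end a line when the referenced file is absent (as seen above).
ORPHAN_MARKS = ("No File", "(No File)", "[X]", "[Not Found]")


def account_of(hive):
    """Reduce a registry hive name to its SID; keep names like HKU\\.DEFAULT."""
    m = SID_RE.search(hive)
    return m.group(0) if m else hive


def triage(text):
    """Group search-provider hosts by account and count the other line kinds."""
    hosts = {}
    result = {"empty_scopes": 0, "orphans": 0, "other": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCOPE_RE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname if m.group("url") else None
            if host:
                hosts.setdefault(host, set()).add(account_of(m.group("hive")))
            else:
                result["empty_scopes"] += 1   # provider key with no URL left
        elif line.endswith(ORPHAN_MARKS):
            result["orphans"] += 1            # registry entry, file already gone
        else:
            result["other"] += 1              # needs a human look (tasks, files)
    result["hosts"] = {h: sorted(a) for h, a in hosts.items()}
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
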
  • #12 06 Jul 2015 12:23
    Piotrek19971
    Level 7

    It didn't help. Maybe I did something wrong; could one of you try to fix it via TeamViewer?

    0
  • #13 06 Jul 2015 12:38
    Acorus 20
    Computer specialist

    Show the new FRST logs.

    0
  • #15 06 Jul 2015 14:31
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
    Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-01-30]
    ShortcutTarget: start.lnk -> C:\Users\Administrator\udeqt\start.vbs (No File)
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL =
    Winsock: Catalog5 01 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    FF Plugin HKU\S-1-5-21-2514341295-222075935-350485170-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    FF Plugin HKU\S-1-5-21-2514341295-222075935-350485170-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    U2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [X]
    U1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    0
  • #17 06 Jul 2015 23:18
    Kolobos
    Computer specialist

    Why do you keep installing unnecessary/harmful programs?

    Uninstall:
    DllTool 1.0
    Registry Life version 3.08
    WinThruster

    Use: http://download.eset.com/special/ESETSirefefCleaner.exe

    Fixlist.txt for FRST:
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\MountPoints2: {646f03e6-ff57-11e1-8c31-806e6f6e6963} - E:\Autorun.exe
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\MountPoints2: {80e29d9b-29d7-11e4-8cef-002421eccc16} - F:\setup.exe
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\MountPoints2: {974204fb-00d5-11e2-a710-002421eccc16} - F:\autorun.exe
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\MountPoints2: {bd128a78-533c-11e2-ac46-002421eccc16} - F:\Autorun.exe
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\MountPoints2: {fc1b968f-8cd1-11e2-8fa6-002421eccc16} - F:\Installer.exe
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    Task: {35614781-9650-4193-A041-FA1764861B9A} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-07-06] (Solvusoft Corporation)
    Task: {905EE42E-22A5-4A75-843A-CC74AA350C3C} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-07-06] (Solvusoft Corporation)
    Task: {F6445F77-59A6-4864-95FC-AEB1E8BD5273} - System32\Tasks\Chromium => C:\Users\Legenda\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\Chromium.job => C:\Users\Legenda\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\WinThruster.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
    Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
    Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
    AlternateDataStreams: C:\Windows\Temp:temp
    IE trusted site: HKU\S-1-5-21-2514341295-222075935-350485170-500\...\kuaiche.com -> hxxp://software.kuaiche.com
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-1042-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-1055-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: [S-1-5-21-2514341295-222075935-350485170-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
    CHR Plugin: (DealPlyLive Update) - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [bkogldplomdepajnkhknadblkbngnamg] - C:\ProgramData\ADDICT-THING\bkogldplomdepajnkhknadblkbngnamg.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gbefdneaakfnmogemdbdecigjocaeinf] - C:\ProgramData\Click2Save\gbefdneaakfnmogemdbdecigjocaeinf.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
    U3 MBAMSwissArmy; No ImagePath
    U5 BFE; <===== ATTENTION Locked Service
    2015-07-06 20:36 - 2015-07-06 20:36 - 00000274 _____ C:\Windows\Tasks\WinThruster.job
    2015-07-06 20:12 - 2015-07-06 20:12 - 18218008 _____ (ChemTable Software ) C:\Users\Administrator\Downloads\registry-life-setup(1).exe
    2015-07-06 20:05 - 2015-07-06 20:05 - 00841232 _____ (Application Web ) C:\Users\Administrator\Downloads\Registry-Life(18391)-dp(1).exe
    2015-07-06 19:19 - 2015-07-06 19:19 - 00841232 _____ (Application Web ) C:\Users\Administrator\Downloads\Registry-Life(18391)-dp.exe
    2015-07-06 19:15 - 2015-07-06 20:23 - 00003106 _____ C:\Windows\System32\Tasks\WinThruster
    2015-07-06 19:15 - 2015-07-06 19:25 - 00000298 _____ C:\Windows\Tasks\WinThruster_UPDATES.job
    2015-07-06 19:15 - 2015-07-06 19:25 - 00000290 _____ C:\Windows\Tasks\WinThruster_DEFAULT.job
    2015-07-06 19:15 - 2015-07-06 19:15 - 00003054 _____ C:\Windows\System32\Tasks\WinThruster_UPDATES
    2015-07-06 19:15 - 2015-07-06 19:15 - 00002898 _____ C:\Windows\System32\Tasks\WinThruster_DEFAULT
    2015-07-06 19:15 - 2015-07-06 19:15 - 00001039 _____ C:\Users\Public\Desktop\WinThruster.lnk
    2015-07-06 19:15 - 2015-07-06 19:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Solvusoft
    2015-07-06 19:15 - 2015-07-06 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
    2015-07-06 19:15 - 2015-07-06 19:15 - 00000000 ____D C:\Program Files (x86)\WinThruster
    2015-07-06 19:15 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
    2015-07-06 19:14 - 2015-07-06 19:14 - 03894696 _____ (solvusoft Corporation ) C:\Users\Administrator\Downloads\Setup_WinThruster_2015.exe
    2015-07-06 14:52 - 2015-07-06 14:52 - 00001077 ____C C:\Users\Administrator\Desktop\DllTool.lnk
    2015-07-06 14:52 - 2015-07-06 14:52 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DllTool
    2015-07-06 14:52 - 2015-07-06 14:52 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\KSafe
    2015-07-06 14:52 - 2015-07-06 14:52 - 00000000 ___DC C:\ProgramData\KSafe
    2015-07-06 14:52 - 2015-07-06 14:52 - 00000000 ___DC C:\Program Files (x86)\DllTool
    2015-07-06 14:51 - 2015-07-06 14:51 - 08508752 _____ ( ) C:\Users\Administrator\Downloads\DllTool.exe
    2015-06-12 14:44 - 2015-06-12 14:44 - 03612760 _____ (Facebook Inc.) C:\Users\Legenda\Downloads\Kaspersky_T439032969602770T_(1).exe
    2015-06-12 14:42 - 2015-06-12 14:42 - 03612760 _____ (Facebook Inc.) C:\Users\Legenda\Downloads\Kaspersky_T439032969602770T_.exe
    2015-07-06 09:48 - 2013-11-27 11:25 - 00000000 _RSHD C:\Users\Piotrek\udeqt
    2015-07-06 09:48 - 2013-11-25 08:51 - 00000000 _RSHD C:\Users\Piotrek\ejcuk
    2015-07-06 02:08 - 2015-05-06 14:28 - 00000000 ____D C:\Users\Gość\AppData\Roaming\Elex-tech
    2015-07-06 02:08 - 2013-05-27 13:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinDefenderst
    2015-07-06 02:08 - 2013-05-22 15:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinDefenders
    2015-07-05 17:07 - 2015-05-16 23:37 - 00000000 ____D C:\Users\Legenda\AppData\Roaming\dll-files.com
    2014-02-15 01:48 - 2014-02-15 04:21 - 50053120 _____ () C:\Program Files (x86)\GUT2E13.tmp
    2014-01-04 13:04 - 2014-01-11 01:39 - 0000819 _____ () C:\Users\Administrator\AppData\Roaming\settings_402.ini
    2013-08-07 09:26 - 2013-08-07 09:26 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT1E87.tmp
    2013-08-10 09:26 - 2013-08-10 09:26 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT225E.tmp
    2013-08-05 12:51 - 2013-08-05 12:51 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT2D18.tmp
    2013-08-06 09:35 - 2013-08-06 09:35 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT556F.tmp
    2013-08-09 22:18 - 2013-08-09 22:18 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT6086.tmp
    2013-08-13 13:23 - 2013-08-13 13:23 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT7D69.tmp
    2013-08-11 20:59 - 2013-08-11 20:59 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BIT8D9E.tmp
    2013-08-14 08:56 - 2013-08-14 08:56 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BIT9D86.tmp
    2013-08-11 10:02 - 2013-08-11 10:02 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITAACF.tmp
    2013-08-07 20:49 - 2013-08-07 20:49 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BITAEE4.tmp
    2013-08-10 17:27 - 2013-08-10 17:27 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITB02B.tmp
    2013-08-08 09:45 - 2013-08-08 09:45 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITBCC9.tmp
    2013-08-08 21:59 - 2013-08-08 21:59 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITBEAC.tmp
    2013-08-09 10:50 - 2013-08-09 10:50 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC206.tmp
    2013-08-11 11:52 - 2013-08-11 11:52 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC58F.tmp
    2013-08-09 09:33 - 2013-08-09 09:33 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5BE.tmp
    2013-08-09 13:47 - 2013-08-09 13:47 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5DD.tmp
    2013-08-12 09:41 - 2013-08-12 09:41 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITC5DE.tmp
    2013-08-05 10:57 - 2013-08-05 10:57 - 0000000 _____ () C:\Users\Administrator\AppData\Local\BITCF20.tmp
    2013-08-12 22:51 - 2013-08-12 22:51 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITCF5F.tmp
    2013-08-04 15:53 - 2013-08-04 15:53 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITFC38.tmp
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    EmptyTemp:

    After running it, post fixlog.txt and the new scan logs.

    0
  • #19 07 Jul 2015 09:53
    Domino_2
    Helpful to users

    Copy the whole fix into Notepad, save it as fixlist.txt and put it in the folder where you have the FRST.exe file. Then run it and click Fix.

    0
  • #20 07 Jul 2015 10:19
    Piotrek19971
    Level 7

    But is FRST.exe the program that scans, or the document?

    0
  • #21 07 Jul 2015 10:52
    Kolobos
    Computer specialist

    FRST is the program you scan with... you have it in C:\Users\Administrator\Downloads, and that is also where you need to create the fixlist.txt file and paste into it what I gave you.

    0
  • #22 07 Jul 2015 11:04
    Piotrek19971
    Level 7

    Well, that's what I did, and I posted those scan results in my earlier message.

    0
  • Helpful post
    #23 07 Jul 2015 11:15
    Acorus 20
    Computer specialist

    You haven't shown a single removal log (fixlog.txt).

    1
  • #24 07 Jul 2015 11:28
    Piotrek19971
    Level 7

    And how do I view fixlog.txt?

    0
  • Helpful post
    #25 07 Jul 2015 12:17
    Kolobos
    Computer specialist

    @Piotrek19971 fixlog.txt is created in the directory where you have FRST, after the script has been executed.

    1
  • #26 07 Jul 2015 13:16
    Piotrek19971
    Level 7

    So is it named something else? I can't find fixlog.txt anywhere.

    0
  • #27 07 Jul 2015 14:04
    Kolobos
    Computer specialist

    Since you can't find it, you probably didn't run fixlist.txt; after it runs, fixlog.txt opens by itself.

    0
  • #28 07 Jul 2015 15:59
    Piotrek19971
    Level 7

    Does the .txt at the end matter? Because when I save it like that, a message pops up saying such characters are not allowed, so then I save it normally.

    0
  • Helpful post
    #29 07 Jul 2015 16:28
    Acorus 20
    Computer specialist

    It must be saved as a text file. Best ask someone more experienced to help you.

    1
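
    The replies above come down to three conditions: fixlist.txt sits in the same folder as FRST, it is a plain text file, and fixlog.txt appears in that folder once Fix has run. An added example, not from the thread or the FRST project, that checks those conditions for a folder; the function name, the FRST*.exe filename pattern and the word-processor signatures are assumptions.

```python
from pathlib import Path

# Leading bytes of RTF, ZIP-based (.docx/.odt) and legacy .doc files.
# Assumed list of formats a word processor might have saved instead of text.
NON_TEXT_MAGIC = (b"{\\rtf", b"PK\x03\x04", b"\xd0\xcf\x11\xe0")


def check_fix_folder(folder):
    """Report whether `folder` is set up for a fix and whether one has run."""
    # Windows file names are case-insensitive, so compare in lower case.
    files = {p.name.lower(): p for p in Path(folder).iterdir() if p.is_file()}
    problems = []

    # Assumption: the scanner executable is named FRST*.exe.
    if not any(n.startswith("frst") and n.endswith(".exe") for n in files):
        problems.append("no FRST executable in this folder")

    fixlist = files.get("fixlist.txt")
    if fixlist is None:
        # Near misses: saved without extension, or as fixlist.txt.txt / .rtf.
        near = sorted(n for n in files if n.startswith("fixlist"))
        hint = " (found instead: " + ", ".join(near) + ")" if near else ""
        problems.append("fixlist.txt is missing" + hint)
    else:
        data = fixlist.read_bytes()
        if data.startswith(NON_TEXT_MAGIC):
            problems.append("fixlist.txt is not plain text")
        elif not data.strip():
            problems.append("fixlist.txt is empty")

    # A fixlog.txt at least as new as fixlist.txt means the fix was executed.
    fixlog = files.get("fixlog.txt")
    fix_ran = bool(fixlist and fixlog and
                   fixlog.stat().st_mtime >= fixlist.stat().st_mtime)
    return {"ready": not problems, "fix_ran": fix_ran, "problems": problems}


if __name__ == "__main__":
    import sys
    print(check_fix_folder(sys.argv[1] if len(sys.argv) > 1 else "."))
```
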
  • #30 07 Jul 2015 17:50
    Piotrek19971
    Level 7

    Now an error pops up as soon as I launch the program, and that message I sent the screenshots of appears right away. :/ Roughly how much does a repair like this cost at a service shop?

    0