Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wolny komputer, reklamy w przeglądarce - logi FRST

jurekl2 09 Cze 2016 19:00 537 5
  • #2 09 Cze 2016 19:06
    krzychupar
    Poziom 41  

    Jeszcze log Addition.txt.

    0
  • #3 09 Cze 2016 19:07
    jurekl2
    Poziom 11  

    ok, mój błąd...już dodane.

    0
  • Pomocny post
    #4 09 Cze 2016 19:20
    krzychupar
    Poziom 41  

    Otwórz notatnik i wklej:

    Task: {116BF42D-B566-4E6E-A9DB-0E65F6D564BD} - System32\Tasks\{56407EC3-9C7C-0056-02B0-9C0133B76B00} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\297d31cd\708a2f71.dll" <==== UWAGA
    Task: {2611CFB6-33F7-4FA4-926C-E648FEB7FD60} - System32\Tasks\Opera scheduled Autoupdate 1418221182 => C:\Program Files\Opera\launcher.exe [2014-12-30] ()
    Task: {4762616D-C4B6-43A3-AF7B-D6DB4B24AF3E} - System32\Tasks\{AB391AE1-B0D8-49E6-A74B-531356608EBB} => pcalua.exe -a "C:\Users\Admin\Downloads\install_flashplayer14x32_x64md_aaa_aih (6).exe" -d C:\Users\Admin\Downloads
    Task: {63C720AD-2A16-46EE-ABEC-D584CA3D6AC8} - System32\Tasks\{078805BA-5909-4F96-86FD-E46792ED691A} => pcalua.exe -a "C:\Users\Admin\Downloads\install_flashplayer14x32_x64md_aaa_aih (9).exe" -d C:\Users\Admin\Downloads
    Task: {6C676C80-1D40-47D8-BDCA-B93CE50186C6} - System32\Tasks\{553854BC-8225-451F-8745-9C56ADEF05C6} => pcalua.exe -a "C:\Program Files\Opera\Launcher.exe" -c /uninstall
    Task: {C5F75A13-A89A-47F6-AF27-7DD1ED3A04D1} - System32\Tasks\{3F9BD742-4AA3-4F74-A847-B688C74BCED7} => pcalua.exe -a C:\Users\Admin\Desktop\03-08-2011_www_ModBase_PL_Gta_Sa_Spolszczenie.exe -d C:\Users\Admin\Desktop
    Task: {CF191A76-671F-4CFE-A680-CFC6F9C3038C} - System32\Tasks\{348B17A1-8E6F-4DA6-A66A-885D7F398814} => pcalua.exe -a "C:\Users\Admin\Downloads\install_flashplayer14x32_x64md_aaa_aih (8).exe" -d C:\Users\Admin\Downloads
    AppInit_DLLs: C:\ProgramData\Quotenamron\Super-Lam.dll => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{1B6404CC-CEDC-4B9C-B664-F4C8300A6D6C}: [NameServer] 82.163.143.171,82.163.142.173
    Tcpip\..\Interfaces\{23F25D4F-4393-4D1A-ACE1-CA2AE59DFF5C}: [NameServer] 82.163.143.171,82.163.142.173
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4287467269-945128688-2526948474-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4287467269-945128688-2526948474-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    HKU\S-1-5-21-4287467269-945128688-2526948474-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...y33pwfySML2dIQ8yhEh4WnYNqOjw6o1UJfoEG8eYW-tAw




    HKU\S-1-5-21-4287467269-945128688-2526948474-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    HKU\S-1-5-21-4287467269-945128688-2526948474-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4287467269-945128688-2526948474-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4287467269-945128688-2526948474-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O1BbbaZzMTNxILdhAd5BaZ75LfX5R85Iw8iRcT&q={searchTerms}
    S4 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe shuz -f "C:\ProgramData\\Quotenamron\\Quotenamron.dat" -l -a
    S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 SjyPkt; \??\C:\Windows\System32\Drivers\SjyPkt.sys [X]
    2016-05-31 17:53 - 2016-05-31 17:53 - 00009532 _____ C:\ComboFix.txt
    2016-05-31 17:31 - 2016-05-31 17:53 - 00000000 ____D C:\Qoobox
    2016-05-31 17:31 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-05-31 17:31 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-05-31 17:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-05-31 17:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-05-31 17:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-05-31 17:31 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2016-05-31 17:31 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2016-05-31 17:31 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2016-05-31 17:30 - 2016-05-31 17:51 - 00000000 ____D C:\Windows\erdnt
    2016-05-17 19:21 - 2016-05-17 19:21 - 00000000 ____D C:\ProgramData\95cb8e72-7dd7-0
    2016-05-17 19:21 - 2016-05-17 19:21 - 00000000 ____D C:\ProgramData\95cb8e72-1827-1
    2016-05-15 16:52 - 2016-05-15 16:53 - 00000000 ____D C:\ProgramData\019cb002-6903-0
    2016-05-15 16:52 - 2016-05-15 16:52 - 00000000 ____D C:\ProgramData\95cb8e72-7a93-0
    2016-05-15 16:51 - 2016-05-15 16:52 - 00000000 ____D C:\ProgramData\95cb8e72-28f1-1
    2016-05-15 15:10 - 2016-05-15 15:11 - 00000000 ____D C:\ProgramData\019cb002-3e85-1
    2016-05-15 15:10 - 2016-05-15 15:11 - 00000000 ____D C:\ProgramData\019cb002-1761-0
    2016-05-15 10:10 - 2016-05-16 17:44 - 00000000 ____D C:\ProgramData\95cb8e72-2a85-1
    2016-05-15 10:10 - 2016-05-15 10:11 - 00000000 ____D C:\ProgramData\95cb8e72-79a7-0
    2016-05-14 16:10 - 2016-05-14 16:10 - 00000000 ____D C:\ProgramData\95cb8e72-6047-0
    2016-05-14 16:10 - 2016-05-14 16:10 - 00000000 ____D C:\ProgramData\95cb8e72-5923-1
    2016-05-10 12:49 - 2016-05-10 12:49 - 00000000 ____D C:\ProgramData\019cb002-2737-1
    2016-05-10 12:49 - 2016-05-10 12:49 - 00000000 ____D C:\ProgramData\019cb002-0617-0
    2016-03-22 11:06 - 2016-03-22 11:06 - 6493696 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
    2016-03-22 11:06 - 2016-03-22 11:06 - 0065232 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
    2016-03-22 11:03 - 2016-03-22 11:06 - 0014256 _____ () C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml
    2016-03-22 11:03 - 2016-03-22 11:03 - 0127488 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
    2016-03-22 11:06 - 2016-03-22 11:06 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
    2016-03-22 11:06 - 2016-03-22 11:06 - 0005568 _____ () C:\Users\Admin\AppData\Roaming\md.xml
    2016-03-22 11:06 - 2016-03-22 11:06 - 1622056 _____ () C:\Users\Admin\AppData\Roaming\MedDintrax.tst
    2016-03-22 11:06 - 2016-03-22 11:06 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\noah.dat
    2015-01-23 18:31 - 2015-01-23 18:32 - 0000028 _____ () C:\Users\Admin\AppData\Roaming\setting
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się FRST.exe
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #5 09 Cze 2016 19:21
    kamyk1306
    Poziom 9  

    Możesz pobrać i uruchomić program AdwCleaner program czyści pliki rejestru z niepotrzebnych śmieci a zwłaszcza reklam i podobnych programów w większości przypadków po użyciu tego programu nie trzeba było robić reinstalacji systemu ale to w ostatecznych ciężkich przypadkach.

    0